Dassault Systèmes Vulnerability Reporting

Dassault Systèmes Responsible Vulnerability Disclosure Program

Dassault Systèmes undertakes to ensure the protection and security of our products and services and values the role of independent security researchers. As such, responsible reporting of any security issues is taken seriously, following our vulnerability disclosure guidelines.
This page describes our practice for addressing potential vulnerabilities in any online presence and software.

Reporting Potential Vulnerabilities

Existing Dassault Systèmes customers are expected to use the support portal to report any issues for any product or service through https://www.3ds.com/support/
Security researchers willing to share suspected vulnerabilities privately may contact us directly through the Dassault Systèmes security team email address 3DS.Information-Security(at)3ds.com. To bring value to your report and assist our teams in evaluating the suspected vulnerabilities, each reporting would ideally include a detailed description, perceived risk, the targeted scope and its level, POC and any supported materials.

Evaluation Process

Dassault Systèmes will acknowledge the reception of any non-customer vulnerability reporting within two business days. (Customers reporting process is based on our support policies and SLA)
All submissions will be evaluated and dispatched to the relevant teams and will be treated as strictly confidential.
Protecting our customers and users is at the top of our priorities, we therefore ask that you provide us with ample time to address the security concerns and await our solution before any public notifications.

Scope

Dassault Systèmes has a large set of products and internet presence to cover all brands, industries and activities. This program covers the following three categories:

  • All web sites of the corporate group and of any subsidiaries, including but not limited to www.3ds.com and www.solidworks.com
  • All Software as a Service solutions, such as 3DEXPERIENCE or ScienceCloud, but also any online hosting linked to our brands
  • All Dassault Systèmes licensed software products.