Dassault Systèmes considers vulnerability reporting to be an important part of our information security program and values the role of independent security researchers. Responsible reporting of potential security issues is taken seriously and follows our established vulnerability disclosure procedures. This page describes the approach used to address potential vulnerabilities in Dassault Systèmes products or services.
Existing Dassault Systèmes customers are expected to use the support portal to report any issues for any product or service through https://www.3ds.com/support/. Security researchers willing to share suspected vulnerabilities privately may contact us directly through the Dassault Systèmes security team email address 3DS.Information-Security(at)3ds.com. To bring value to your report and assist our teams in evaluating the suspected vulnerabilities, each reporting would ideally include a detailed description, perceived risk, the targeted scope and its level, POC and any supported materials.
Dassault Systèmes will acknowledge the reception of any non-customer vulnerability reporting within two business days. (Customers reporting process is based on our support policies and SLA). All submissions will be evaluated and dispatched to the relevant teams and will be treated as strictly confidential. Protecting our customers and users is at the top of our priorities, we therefore ask that you provide us with ample time to address the security concerns and await our solution before any public notifications.
Dassault Systèmes has a large set of products and internet presence to cover all brands, industries and activities. This program covers the following three categories:
By submitting report about vulnerabilities, security threats and/or workaround proposals (hereinafter together referred as "Vulnerability Report") to Dassault Systèmes SE and/or its affiliates (hereinafter “Dassault Systèmes”):