Security

Report a Vulnerability

We encourage disclosure of security vulnerabilities. Security researchers, industry groups, government organizations and vendors can report potential security vulnerabilities to Synapsys Solutions by emailing us with below details mentioned.

Reporting Instructions

Synapsys Solutions encourages all individuals who have discovered a vulnerability in our product offerings to report these findings so they can be addressed. However, certain items are out of scope if the reporter is seeking credit or faster prioritization. If you are reporting multiple vulnerabilities or vulnerabilities in multiple products feel free to include in one submission.

Out of Scope

• Vulnerabilities found in offerings that are no longer supported.
• Vulnerabilities identified in offerings for which Synapsys Solutions has advised consumers to use the latest version or upgrade.

If the vulnerability affects a product, service or solution, email us at security@synapsys-solutions.com with the following instructions/details:

• Product and version
• Description of the potential vulnerability
• Any special configuration required to reproduce the issue
• Step by step instructions to reproduce the issue
• Proof of concept or exploit code, if available
• Potential Impact

For all other security issues, email us at security@synapsys-solutions.com with the following instructions.

• Website URL or location
• Type of vulnerability (XSS, Injection, etc.)
• Instructions to reproduce the vulnerability
• Proof of concept or exploit code, including how an attacker could exploit the vulnerability
• Potential impact

Minimum security update periods

Synapsys Solutions will make all reasonable effort to provide security updates for a maximum of 3 years after the product end of life.