skip to main content

Security Concern & Compliance Reporting

Security Vulnerability & Concern Reporting

Ensuring the security of our data and products is, and always will be, a top priority. We are actively monitoring our data security systems in response to the global vulnerability referred to as the “Bash or ShellShock bug,” and are taking action where necessary. If a threat is detected, we will swiftly implement corrective action as appropriate.

To report a potential security vulnerability or concern, please contact security@ge.com. A GE Security Incident Response Team member will review and respond to your submission within 48 hours, depending on the severity of the concern. GE supports encrypted emails via PGP (GE’s public PGP key).

If you believe that GE data or systems are at risk, please include the following details in your email:

  • A brief summary of the activity being reported (i.e. what GE information is being degraded, disclosed, or denied)
  • Email, domain name, or IP address involved
  • How the activity was detected

If you believe you have discovered a vulnerability in a GE product, please include the following details in your email:

  • Subject line must have PSIRT
  • GE product name(s) and version(s)
  • Description of the concern or vulnerability (e.g. privilege escalation, buffer overflow, SQL injection, cross-site scripting)
  • Information to help our team replicate the issue (e.g. configuration details, a proof-of-concept, or exploit code)