Security Concern & Compliance Reporting

At GE, security and compliance are top priorities.

ENLISTING YOUR HELP

We want to hear from you if you are aware of a vulnerability or threat to GE.

Product Vulnerability & Incident Reporting.

To report a potential vulnerability or security incident involving a GE product, contact GE Product Security Incident Response Team (GE PSIRT) using the form below.

Cybersecurity Reporting

To report a potential threat to GE’s data or network, or if you believe you have discovered an incident involving either, contact GE Cyber Incident Response Team (GE CIRT) using the form below.

NOMS in a Box

If you are a GE supplier requiring access to the NOMS in a Box (NIAB) software, please submit your request using the following form.

Product vulnerability

GE PSIRT Product Security Incident and Vulnerability Management procedures are consistent with ISO 29147 and 30111 for identifying, validating, mitigating, and communicating vulnerabilities in GE products. Consistent with these standards and our company’s security culture, GE regularly partners with researchers, academia, government, and coordinating authorities to continuously assess for vulnerabilities and improve security in our products.

Frequently asked questions



Product Vulnerability & Incident Reporting
Answer


GE PSIRT Product Security Incident and Vulnerability Management procedures are consistent with ISO 29147 and 30111 for identifying, validating, mitigating, and communicating vulnerabilities in GE products. Consistent with these standards and our company’s security culture, GE regularly partners with researchers, academia, government, and coordinating authorities to continuously assess for vulnerabilities and improve security in our products. In addition, GE regularly discloses to its customers mitigations and remediation for GE product vulnerabilities, both directly and in cooperation with coordinating authorities. Consistent with responsible disclosure practices, GE does not publicly communicate information concerning vulnerabilities unless a remediation is available. Public disclosure is the release, either intentionally or unintentionally, of vulnerability information to any individual or organization other than GE, the individual or entity that identified the vulnerability, and a coordinating authority (ex – NCCIC/ICS-CERT).