Security Concern & Compliance Reporting
At GE, security and compliance are, and always will be, top priorities. We want to hear from you if you are aware of a vulnerability in or threat to a GE product, service, network, or data, or to report a compliance matter.
-
Product Vulnerability & Incident Reporting
To report a potential vulnerability or security incident involving a GE product, contact GE Product Security Incident Response Team (GE PSIRT) using the form below. Following submission, GE PSIRT will review the report and respond back with next steps. GE customers with questions or concerns regarding cyber vulnerabilities in a GE product may also contact GE PSIRT through this form. -
Data & Network Security Reporting
To report a potential threat to GE’s data or network, or if you believe you have discovered an incident involving either, contact GE Cyber Incident Response Team (GE CIRT) using the form below. GE CIRT will implement corrective action as appropriate. -
NOMS in a Box
If you are a GE supplier requiring access to the NOMS in a Box (NIAB) software, please submit your request using the following form.
Product Vulnerability
GE PSIRT Product Security Incident and Vulnerability Management procedures are consistent with ISO 29147 and 30111 for identifying, validating, mitigating, and communicating vulnerabilities in GE products. Consistent with these standards and our company’s security culture, GE regularly partners with researchers, academia, government, and coordinating authorities to continuously assess for vulnerabilities and improve security in our products. In addition, GE regularly discloses to its customers mitigations and remediation for GE product vulnerabilities, both directly and in cooperation with coordinating authorities. Consistent with responsible disclosure practices, GE does not publicly communicate information concerning vulnerabilities unless a remediation is available. Public disclosure is the release, either intentionally or unintentionally, of vulnerability information to any individual or organization other than GE, the individual or entity that identified the vulnerability, and a coordinating authority (ex – NCCIC/ICS-CERT).