Security Concern & Compliance Reporting

At GE, security and compliance are, and always will be, top priorities. We want to hear from you if you are aware of a vulnerability in or threat to a GE product, service, network, or data, or to report a compliance matter.

Product Vulnerability

GE PSIRT Product Security Incident and Vulnerability Management procedures are consistent with ISO 29147 and 30111 for identifying, validating, mitigating, and communicating vulnerabilities in GE products. Consistent with these standards and our company’s security culture, GE regularly partners with researchers, academia, government, and coordinating authorities to continuously assess for vulnerabilities and improve security in our products.  In addition, GE regularly discloses to its customers mitigations and remediation for GE product vulnerabilities, both directly and in cooperation with coordinating authorities. Consistent with responsible disclosure practices, GE does not publicly communicate information concerning vulnerabilities unless a remediation is available. Public disclosure is the release, either intentionally or unintentionally, of vulnerability information to any individual or organization other than GE, the individual or entity that identified the vulnerability, and a coordinating authority (ex – NCCIC/ICS-CERT).