Apache Log4j Vulnerability
We are aware of the Apache Log4j Vulnerability (CVE-2021-44228) “Log4Shell”.
We are currently analyzing whether any of our products are affected. If any of our products are affected, we will publish the respective Security Advisories on this website: https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html.
Our Remote Portal and Cloud Analytics Services are all patched to a non-vulnerable version of Log4j and were not impacted.
Product Security at Bosch
It is an essential part of the Bosch Quality Promise that we provide product security and protect our customers’ privacy throughout the entire product life cycle. To achieve this, Bosch established a global Product Security Team and made security an integral part of Bosch’s processes. The Bosch Product Security Incident Response Team (PSIRT) is the central point of contact for external security researchers, partners, and customers to report security concerns related to products of Bosch and its brands.
Product Security throughout the life cycle of Bosch Building Technologies’ products and services
In order to provide secure and reliable products for our customers, we have established security and data protection as fundamental requirements of our products during the entire life cycle.
Security with Supplier
We have high quality requirements for purchased products. To ensure the security of purchased products, modules and components, we evaluate each supplier with respect to product security as an integral part of our purchasing process.
Security Engineering Process
The Security Engineering Process is a core part of our product development. Whenever we develop a new product, we conduct a comprehensive Threat and Risk Analysis and create an individual Security Concept for the product and its integration into a complete solution. During the design phase and before release, we ensure product security by comprehensive testing (security and penetration tests). Any subsequent updates, patches or upgrades will undergo the same rigorous tests and will only be deployed once they have proven to be secure.
Vulnerability and Incident Management
Because requirements are constantly changing, 100% security is never guaranteed. Therefore, a structured Vulnerability and Incident Management Process is established to professionally manage potential product security vulnerabilities and incidents.
Reporting Product Security Vulnerabilities
Bosch Building Technologies takes security very seriously, and investigates all vulnerability reports.
Whenever you think you have identified a vulnerability or any other security issue related to a Bosch Building Technologies’ product or service, or any other Bosch product, please contact the Bosch Product Security Incident Response Team (PSIRT):