Report a Product Security Issue

Synopsys PSIRT recommends that all security reports for Synopsys products be sent encrypted using PGP. Please report potential security vulnerabilities to the PSIRT email address (psirt@synopsys.com).

For efficient handling of the issue, we recommend that the report have the following structure and content:

  • Affected Product and Version
  • Reporter severity score
  • Technical description of the issue
  • Demo evidence of the issue
  • Sample code used to exploit the vulnerability
  • Date/time of discovery
  • Contact information and optional name for acknowledgments
  • Reporter’s Public PGP Key
  • Possible disclosure plans

Synopsys PSIRT encourages those individuals who report vulnerabilities to evaluate and assign an initial severity using an industry-recognized standard, such as FIRST CVSSv3.

Note: Given the complexity of security issues in the hardware context, response times from customers and patching limitations can lead to longer embargo periods than those typically used in the software industry. This time can be necessary for customers to devise and implement mitigation strategies.

PGP Key Information

PGP Key File

PSIRT_PGP.asc

PGP Key Fingerprint

EC81 69B9 6079 6D31 6701 8E28 E13E 0FAA 363A FDDD

About CVSS

FIRST.Org, Inc (FIRST) is a non-profit organization based in the US that owns and manages CVSS. Membership in FIRST is not required to use or implement CVSS, but FIRST does require that any individual or organization give appropriate attribution when using CVSS. FIRST also states that any individual or organization that publishes scores should follow the guideline so that anyone can understand how the score was calculated.