Report a Security Issue
To report a security issue you believe you have found in a Western Digital product or service, including issues which may affect the privacy of user data, please email the details of your findings to the PSIRT (Product Security Incident Response Team) at PSIRT@wdc.com. If possible, please include the following:
- the specific product(s) or service(s) affected, including any relevant version numbers;
- details on the impact of the issue;
- any information that can help reproduce or diagnose the issue, including a Proof of Concept (PoC) if available; and
- whether you believe the vulnerability is already publicly disclosed or known to third parties.
Please use our PGP/GPG key to encrypt the information before sending it. The Western Digital PSIRT will respond to your email within 3 business days.
Once the report has been confirmed, Western Digital will work with you to coordinate disclosure. We typically request a disclosure timeframe of 90 days, consistent with industry norms. Western Digital will request the assignment of CVE IDs for confirmed issues.
Western Digital does not currently offer or participate in a bug bounty program.