Tesla values the work done by security researchers in improving the security of our products and service offerings. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process.
If you are a security researcher and would like to report a security vulnerability, please send an email to: firstname.lastname@example.org. Please provide your name, contact information, and company name (if applicable) with each report. Priority will be granted to encrypted reports – please include your PGP public key with such reports.
Responsible Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we commit that we will not take legal action against you or ask law enforcement to investigate you if you comply with the following Responsible Disclosure Guidelines:
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC)
- Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services
- Do not modify or access data that does not belong to you
- Give us a reasonable time to correct the issue before making any information public
We will attempt to respond to your report within 1-2 business days.
Tesla Security Researcher Hall of Fame
Tesla appreciates and wants to recognize the contributions of security researchers. If you are the first researcher to report a confirmed vulnerability, we will list your name in our Hall of Fame (unless you would prefer to remain anonymous). You may also be considered for an award if you are the first researcher to report one of the top 3 confirmed vulnerabilities in a calendar quarter. You must comply with our Responsible Disclosure Guidelines (above) to be considered for our Hall of Fame and top 3 awards.
|2018||UnicornTeam||Jun Li (@bravo_fighter), Qing Yang (@Ir0nSmith), Yingtao Zeng, Chaoran Wang|
|2017||Keen Security Lab||Tencent for CVE-2017-9983 and CVE-2017-6261|
|2016||Keen Security Lab||Tencent|
|Jianhao Liu||Qihoo 360 Adlab|
|Jiaheng Wang||Zhejiang University|
|Yanjing Wu||Zhejiang University|
|Wenyuan Xu||Zhejiang University|
|Jon||Bitquark Security Research|
|Jack "fin1te" W|
|Ch. Muhammad Osama|
|Nikhil Kumar Srivastava||@niksthehacker|
|Jay Turla||HP Fortify|