Submit IP Vulnerability to Synopsys IP-SIRT

Synopsys IP-SIRT prefers all security reports for Synopsys IP products and associated software be sent encrypted using PGP. Please report potential security vulnerabilities in Synopsys IP products or associated software to the IP-SIRT email address ([email protected]).

For efficient handling of the issue, we recommend that the report has the following structure and content:

• Affected product and version
• Reporter severity score
• Technical description of the issue
• Demo evidence of the issue
• Sample code used to exploit the vulnerability
• Date/time of discovery
• Contact information and optional name for acknowledgments
• Reporter’s Public PGP Key 
• Possible disclosure plans

Synopsys IP-SIRT encourages individuals who report vulnerabilities to evaluate and assign an initial severity using an industry-recognized standard, such as CVSSv3.

Note: given the complexity of security issues in the hardware context, the response time scales, and patching limitations, this can lead to longer embargo periods than the software industry common target of 90 days. This time can be necessary for Synopsys’ customers to devise and implement mitigation strategies.