Commitment to product security

Our approach to security Reporting a security vulnerability Bose contact information

BACK TO ALL LEGAL

Our approach to security

At Bose, product security is built into how we design, develop, and support our products, software, and related services. We approach security with the same mindset we apply to all innovation at Bose: continuous improvement, thoughtful engineering, and a strong focus on our customers.

Bose has a dedicated team focused exclusively on product security. This team is responsible for identifying security requirements, conducting technical analysis such as source code review, and evaluating potential risks across the product lifecycle.

Bose maintains a product security framework designed to proactively identify, assess, and address potential security defects in our products. Wherever possible, we work to prevent vulnerabilities by incorporating appropriate security measures early in the product lifecycle.

Reporting a security vulnerability

If you believe you have identified a security vulnerability affecting a Bose product, software, or related service, please report it through our online vulnerability submission form hosted by HackerOne. Bose partners with HackerOne as part of our vulnerability disclosure program to help receive, coordinate, and manage vulnerability reports from the security research community.

Information to include in your report

Providing the following details, where available, will help us review your report more efficiently:

  • Product or software name
  • System version
  • Steps to reproduce the issue
  • Description of the vulnerability and any suggested mitigations
  • Potential impact of the vulnerability

 

What to expect when submitting a report 

Bose reviews all reports that are submitted directly to us. After you submit your research through our online submission form, you will receive an automatic email confirming we have received your report. Most reports will be acknowledged by our product security team within 72 hours. If you create a free HackerOne account, you will receive a status update within 90 business days and you will be able to communicate with our team as the report is reviewed.  Additional periodic updates may be provided as appropriate based on the status of the review.

Please note, Bose will always act on any reported vulnerabilities in a timely manner. However, the timing and frequency of updates may vary depending on the nature and complexity of the issue.

Bose contact information

If you wish to contact us or have any questions, please email us at privacyandsecurity@bose.com or visit our Contact us page for additional Bose contact information.