Commitment to security

Secure by design

Bose approaches product security in the same manner as it does other technologies and products — always pursuing improvement and innovation.

Our approach to security

Bose has implemented a product security framework that includes proactive monitoring of products for security defects. Wherever possible, Bose designs and implements appropriate measures to remedy potential vulnerabilities before they can be exploited.

Our internal procedures and policies for anticipating potential security issues demonstrate a proactive approach to security. By attempting to stay ahead of potential threats and vulnerabilities, we can reduce the risk of security breaches and minimize the impact on our customers.

By taking these proactive measures and establishing a robust framework for product security, Bose demonstrates a strong commitment to protecting our customers’ data and ensuring the reliability of our products.

Dedicated team

Bose has a dedicated team of professionals focused solely on product security. Among other things, this team identifies requirements, conducts source-code analysis, and considers supply chain threats.

Reporting a vulnerability

The Bose Product Security Incident Response Team (PSIRT) is committed to rapidly addressing security vulnerabilities found in Bose products. If you believe you have discovered a potential security vulnerability, please contact the PSIRT. Bose considers vulnerability information to be extremely sensitive and strongly recommends that all security vulnerability reports sent to the PSIRT be encrypted using the PSIRT PGP/GPG key.

PGP/GPG Key:

• Email contact: privacyandsecurity@bose.com

• Fingerprint: 89EA 35C9 165D 6922 75A6 344E F9DE 05D1 9772 6DF6

PGP/GPG Key

• Software to PGP/GPG encrypt messages may be obtained from: GnuPG (free) or Gpg4win.