Responsible Disclosure Policy

At TTTech Auto, we take cybersecurity seriously and we are committed to maintaining the security of our products and service offerings. We recognize the valuable role that the cybersecurity community plays in identifying vulnerabilities.

We encourage independent research and ethical hacking of our products. If you have found a vulnerability, we would be happy if you inform us in accordance with the guidelines provided below.

Scope for reporting

We are pleased to announce that TTTech Auto has been acquired by NXP Semiconductors. As part of this integration, TTTech Auto’s product security processes are being aligned with NXP’s.

Please be advised that the following email addresses, previously used for reporting security vulnerabilities, will be decommissioned in the near future:

To continue reporting potential security vulnerabilities, please use the official NXP Product Security Incident Response Team (PSIRT) contact page: https://www.nxp.com/psirt

We encourage all partners, researchers, and customers to update their records and bookmarks accordingly.

Thank you for your continued support and commitment to product security.

Responsible behavior

TTTech Auto will never take legal action against cybersecurity researchers or ethical hackers that act in good faith. When performing your research or vulnerability hunting, please make sure that:

Any private data is not disclosed to third parties.
Safety is never affected and, if it is, the research activities should be stopped.
If the research affects any specific individual, for example, a vehicle owner, make sure to contact them and obtain their permission before proceeding further.
We are notified as soon as possible, especially if safety or privacy is affected.

TTTech Auto encourages responsible disclosure of the results and outcomes of cybersecurity research such as articles, conference presentations and publications in printed and online media. You will be welcome to publish your results once the vulnerability is fixed.