UTC Climate, Controls & Security is committed to the cyber security of our products and services. We investigate all credible reports of security vulnerabilities affecting our products.
If you believe you have found a security vulnerability in one of our products, please send an email to firstname.lastname@example.org with enough information to help us better understand the nature and scope of the potential issue.
Please provide information, including, but not limited to:
- Product and software/hardware version if known;
- Type of issue and the potential impact it may cause;
- Instructions and any proof-of-concept code to reproduce the issue; and
- Any information regarding the use case scenario and any safeguards already in place.
We strongly encourage the use of our PGP key to send the information in an encrypted manner. Please access our PGP key here.
If you do not have access to an encrypted email application that can use PGP keys, please send us your contact information and someone from our incident response team will contact you. Please do not transmit sensitive information to the email address provided above in plain text.
You should receive a confirmation of our receipt of your email or similar response within 48 hours. Our response may include additional information to enable secure communication. Please follow up with us if you have not received a response within this time frame.
Please use our general inquiries form for correspondence unrelated to software security vulnerabilities.