Commitment to security

BACK TO ALL LEGAL

Bose approaches product security in the same manner as it does other technologies and products — always pursuing improvement and innovation.

Bose has implemented a product security framework that includes proactive monitoring of products for security defects. Wherever possible, Bose designs and implements appropriate measures to remediate potential vulnerabilities before they can be exploited.

Our internal procedures and policies for anticipating potential security issues demonstrates a proactive approach to security. By attempting to stay ahead of potential threats and vulnerabilities, we can reduce the risk of security breaches and minimize the impact on our customers.

By taking these proactive measures and establishing a robust framework for product security, Bose demonstrates a strong commitment to protecting our customers’ data and ensuring the reliability of our products.

Bose has a dedicated team of professionals focused solely on product security. Among other things, this team identifies requirements, conducts source-code analysis, and considers supply chain threats.

The Bose Product Security Incident Response Team (PSIRT) is committed to rapidly addressing security vulnerabilities found in Bose products. If you believe you have discovered a potential security vulnerability, please contact the PSIRT. Bose considers vulnerability information to be extremely sensitive and strongly recommends that all security vulnerability reports sent to the PSIRT be encrypted using the PSIRT PGP/GPG key.

PGP/GPG Key:

• Email contact: privacyandsecurity@bose.com

• Fingerprint: 5A1C 3723 10F5 D7EC AC5F 8565 EF54 5824 4A7A 0D50

• PGP/GPG Key

• Software to PGP/GPG encrypt messages may be obtained from: GnuPG (free) or Gpg4win.