Commitment to security

Secure by design

Bose approaches product security in the same manner as it does other technologies and products — always pursuing improvement and innovation.

Our approach to security

Bose has implemented a product security framework that includes proactive monitoring of products for security defects. Wherever possible, Bose designs and implements appropriate measures to remediate potential vulnerabilities before they can be exploited.

Our internal procedures and policies for anticipating potential security issues demonstrates a proactive approach to security. By attempting to stay ahead of potential threats and vulnerabilities, we can reduce the risk of security breaches and minimize the impact on our customers.

By taking these proactive measures and establishing a robust framework for product security, Bose demonstrates a strong commitment to protecting our customers’ data and ensuring the reliability of our products.

Dedicated team

Bose has a dedicated team of professionals focused solely on product security. Among other things, this team identifies requirements, conducts source-code analysis, and considers supply chain threats.

Reporting a vulnerability

The Bose Product Security Incident Response Team (PSIRT) is committed to rapidly addressing security vulnerabilities found in Bose products. If you believe you have discovered a potential security vulnerability, please contact the PSIRT. Bose considers vulnerability information to be extremely sensitive and strongly recommends that all security vulnerability reports sent to the PSIRT be encrypted using the PSIRT PGP/GPG key.

PGP/GPG Key:

• Email contact: privacyandsecurity@bose.com

• Fingerprint: E242 D718 4184 10F9 3945 CA3D F7E2 5436 501F 3008

PGP/GPG Key

• Software to PGP/GPG encrypt messages may be obtained from: GnuPG (free) or Gpg4win.