Security

Landis+Gyr encourages responsible vulnerability disclosure. We work with security researches to help identify and resolve vulnerabilities.

Landis+Gyr openly shares identified security vulnerabilities with our utility customers. Due to the regulatory and legal nature of power grid systems, Landis+Gyr does not provide full public disclosure of identified vulnerabilities.

Identification of the researcher is important for many in the research community. If desired by the researcher, Landis+Gyr will disclose to utilities the name and contact information of researchers. We would also like to publicly acknowledge security researchers that are working with Landis+Gyr.

If a researcher is seen on our public disclosure list, it is because they have responsibly disclosed a vulnerability to Landis+Gyr and have agreed to be listed.

Responsible Disclosure
Landis+Gyr asks that the research community give us an opportunity to resolve vulnerabilities before disclosing them publicly.

It is responsible to allow Landis+Gyr an opportunity to diagnose and formally release fully tested updates, workarounds or other corrective measures before disclosing an exploit to the public.

If attacks are underway in the wild, and the vendor is still working on mitigation, then both the vendor and researcher will work together as closely as possible to protect customers. The goal is to provide timely and consistent guidance to customers to protect themselves.

Contacting Landis+Gyr
To report security issues that affect Landis+Gyr products, please email: security@landisgyr.com