NVIDIA is committed to ensuring the security and integrity of our products and services. We employ a multi-faceted approach to security, encompassing threat detection, vulnerability management, and incident response.

We encourage security researchers and users to report any discovered vulnerabilities. Please report all suspected vulnerabilities to the PSIRT webform here. We request researchers and finders to use the webform in order for PSIRT to coordinate effectively and in a timely manner.

If the webform is unavailable or you are unable to use it, you may contact our security team at PSIRT@nvidia.com with details of the vulnerability and any supporting information. If you are reporting an issue to NVIDIA PSIRT, we encourage you to use the following PGP key for secure email communication. You can download this key here or copy-and-paste the text in the PGP_key.md file.

The NVIDIA Product Security Incident Response Team (PSIRT) goal is to minimize customers’ risk associated with security vulnerabilities by providing timely information, guidance and remediation of vulnerabilities in our products. NVIDIA PSIRT is a global team that manages the receipt, investigation, internal coordination, remediation and disclosure of security vulnerability information related to NVIDIA products.

NVIDIA strives to follow Coordinated Vulnerability Disclosure (CVD). CVD is a process by which independent reporters who discover a vulnerability in our product contact NVIDIA directly and allow us the opportunity to investigate and remediate the vulnerability before the reporter discloses the information to the public.

NVIDIA PSIRT will coordinate with the reporter throughout the vulnerability investigation and will provide the reporter with updates on progress as appropriate. With the agreement of the reporter, NVIDIA PSIRT may recognize the reporter on our Acknowledgement page for finding a valid product vulnerability and privately reporting the issue. After an update or mitigation information is publicly released by NVIDIA, the reporter is welcome to discuss the vulnerability publicly.

Following NVIDIA’s CVD allows us to protect our customers and at the same time, coordinate public disclosures and appropriately acknowledge the reporter(s) for their finding.

Occasionally NVIDIA will discover security vulnerabilities in products from other vendors. If this occurs, NVIDIA will follow its standard Coordinated Vulnerability Disclosure process and communicate the identified issue to the affected vendor or a third-party coordination center.

Please reach out to one of the Corporate Communication contacts listed here.

For additional resources and information about NVIDIA's security practices, please visit our Product Security page.