Support

    Product Security
    Incident Response Team (PSIRT)

    Qorvo Product Security Vulnerability Reporting

    Qorvo low power IoT and ultra-wideband products are designed for the latest security standards and regulations from the get-go to ensure our customers' needs are met. The Qorvo Product Security Incident Response Team (PSIRT) is committed to addressing security vulnerabilities in Qorvo products by responding to reported vulnerabilities and providing guidance or solutions where applicable.

    Scope of Security Incidents Handled by PSIRT

    The following cases are in scope of the PSIRT:

    • Security vulnerabilities or bugs that impact security in Qorvo low power IoT and ultra-wideband products including hardware and software.
    • Errors or weaknesses in documents regarding security information or recommendations e.g. datasheets and application notes.
    • Unauthorized access to security-sensitive documents and information regarding Qorvo products.

    The following cases are NOT in scope of the PSIRT:

    • Technical feedback not relevant to security. For these please contact your local Qorvo Sales.
    • Any Qorvo parts not listed under low power IoT and ultra-wideband technologies.

    Vulnerability Handling Process

    Qorvo Product Security Vulnerability process is outlined below.

    Report a product security incident

    If you believe you have discovered a potential security vulnerability, please email psirt@qorvo.com. Qorvo aims to respond within 3 business days. Please include the following information:

    • Part number of the Qorvo product where the security vulnerability is found.
    • For Qorvo Development Kits include version of the hardware and SDK.
    • Instructions and tools enabling Qorvo to reproduce the security incident.
    • Document capturing the expected outcome and the actual outcome, e.g. debug logs, memory values.
    • Your email address.

    Qorvo PSIRT strongly recommends that all security vulnerability reports be sent encrypted using the below PSIRT PGP/GPG Key.

    Qorvo looks forward to working with security vulnerability reporters and our customers to improve the security of our products and ultimately promote their safe use in end products.