• Brand
  • Products
  • Store
  • Support

Ricoh Imaging Product Security

What is product security?

Ricoh Imaging conducts activities to protect customers’ information handled by products from attackers, and these activities are referred to as “product security.”

Vulnerability handling and information disclosure policy

Ricoh Imaging will establish a security incident response system to ensure that customers can use our products with confidence. We will also obtain information on vulnerabilities, assess and take measures against these vulnerabilities, and disclose information to address vulnerabilities.

Obtaining information on vulnerabilities
Ricoh Imaging will obtain information on vulnerabilities from a broad range of sources, and share this information with the development departments that will assess and take measures against these vulnerabilities.

Assessing and taking measures against vulnerabilities
After assessing a vulnerability and confirming that the vulnerability affects a product, the development departments will implement countermeasures and prepare countermeasure procedures for the customers’ product.

Disclosing information to address vulnerabilities
Ricoh Imaging will disclose information on vulnerabilities and countermeasures against these vulnerabilities (including workarounds) as information to address vulnerabilities to people who require such information at the appropriate time in accordance with the “Principle of Simultaneous Disclosure of Information on Countermeasures*1.”

*1:
When information on vulnerabilities is disclosed, countermeasures must also be provided at the same time. If we disclose information about vulnerabilities before countermeasures are in place, there is a possibility that malicious third parties will develop and distribute attack code to exploit the vulnerabilities, which could then be used to launch cyber attacks against customers.

Action guidelines for vulnerability handling and information disclosure

Obtaining information on vulnerabilities
Ricoh Imaging will obtain information on vulnerabilities from sources inside and outside the company, and share this information with the product development departments responsible for assessing information on vulnerabilities and creating countermeasures against vulnerabilities.

Assessing and taking measures against vulnerabilities
The product development departments will evaluate the impact of the vulnerability received via the vulnerability management system on the product. If it is confirmed that the vulnerability affects the product, the development departments will implement the necessary security measures and then prepare information on the vulnerability and a countermeasure as information to address the vulnerability.

Disclosing information to address vulnerabilities
Ricoh Imaging will disclose information to address vulnerabilities to ensure that the people who need to be informed of the impact on our products and the people who need to address the vulnerabilities will receive this information.

Contacting Ricoh Imaging to report information on product vulnerabilities

If you have discovered a vulnerability in a Ricoh Imaging product, please contact us at the contact point shown below for any questions or concerns regarding security.

After receiving information relating to a vulnerability, we will contact the person who sent us the information to inform them that we have received their information and provide them with the results of our investigation. In addition, we will ask the person who sent us the information to provide additional information and inform them about the status of the countermeasure that we are considering, if necessary.

Please contact us via the “Vulnerability Submission Form”
If you have discovered a vulnerability in a Ricoh Imaging product, please contact us using the “Vulnerability Submission Form” provided in the link below.

The submission form is encrypted by SSL/TLS. We will contact the person who reported the vulnerability via the submission form by email at a later date. When sending sensitive information relating to an undisclosed vulnerability by email or attached file, please use a PGP public key and encrypt the email to prevent unintended disclosure of the information to a third party.

A PGP public key will be provided separately to those people who contact us via the submission form.

Contact point:https://webform.ricoh.com/form/pub/e00272/vulnerability_inq_en

Providing information to address product vulnerabilities

Ricoh Imaging will provide information to address product vulnerabilities to people who require such information. Information to address vulnerabilities that must be made public to a wider audience will be listed on the page linked below.

Product vulnerabilities information list

Product security-related information

Ricoh Imaging will list the support end date for product security on the page linked below. Related documents are also listed on this page.

Product security-related page

Page Top