Security researchers, customers, vendors, and industry partners can report Xylem product security vulnerabilities to product.security@xylem.com. Xylem recommends that you encrypt confidential information sent to Xylem via email with PGP encryption; the Xylem PSIRT public key is available here.
Vulnerability Reporting
When reporting a vulnerability, please include the following information:
- Product name and version
- Description of the potential vulnerability
- Any special configuration required to reproduce the issue
- Step by step instructions to reproduce the issue
- Proof of concept or exploit code, if available
- Potential impact
- Any other relevant information