Vulnerability Disclosure Policy

IAR Systems® welcomes responsible disclosure of vulnerabilities in any of our products. Security researchers are invited to privately contact us by email with the details of vulnerabilities found, optionally encrypting any sensitive information with Open PGP using our public key below.

Please refrain from any wider publication until IAR Systems agrees to wider publication, which may need to wait until a security patch has been successfully rolled out and affected customers protected.

Our contact details can be found in the file "security.txt", which contains the email address and our GPG public key, which you can use to encrypt information about the vulnerability.

We will endeavor to contact you within a week in response to your email after our vulnerability triage. But note that we may need to coordinate our vulnerability disclosure with other vendors using our products, so we ask you to be patient - this is for the benefit of all for responsible disclosure.

If you find a vulnerability in one of our products that does result in a security patch, if you desire, we will publicly acknowledge your help in identifying the vulnerability in the Security Advisory and/or on this website.

The products are: 

IAR Embedded Workbench®

IAR Build Tools™ 

IAR Visual State™ 

IAR Flash Tool 

IAR Visual Studio Code extensions

IAR Embedded Trust®

IAR Embedded Secure IP™ 

Secure Desktop Provisioner™

Secure Deploy-Prototyping


  • IAR Systems® "security.txt"
  • IAR Systems® GPG public key
  • ISO/IEC 29147:2018 Vulnerability disclosure
  • ISO/IEC 30111:2019 Vulnerability handling processes
  • Code of Practice for Consumer IoT Security, UK Government : Department for Digital, Culture, Media & Sport

죄송하지만, 이 콘텐츠는 한국어로 제공되지 않습니다.

당사 웹 사이트 중 한국어가 제공되는 않는 페이지는 기본적으로 영어로 제공됩니다. 또한, 투자정보(Investor) 컨텐츠는 법률에 따라 스웨덴어로 제공됩니다. 보다 정확한 정보를 위해 영어로 제공되는 글로벌 웹 사이트를 방문하실 것을 권장합니다.

죄송하지만, 당사 사이트에서는 Internet Explorer를 지원하지 않습니다.보다 편안한 사이트를 위해 Chrome, Edge, Firefox 등과 같은 최신 브라우저를 사용해 주시길 부탁드립니다.