Mitutoyo PSIRT

 

Mitutoyo PSIRT (Product Security Incident Response Team) is the team responsible for addressing vulnerabilities associated with products and services provided by Mitutoyo Corporation.

Mitutoyo Corporation is dedicated to delivering safe and reliable products to all stakeholders, with cybersecurity sincerely integrated as a core aspect of product quality.

Product Security Policy

Mitutoyo Corporation contributes to the trust and development of society through high-precision measuring instruments, guided by our corporate philosophy of "Good Environment," "Good People," and "Good Technology."
In accordance with our Ethical Conduct Guidelines, we are committed to providing safe and reliable products to all stakeholders by sincerely addressing cybersecurity as an integral part of product quality.

 

1. Product Security Response System

We have established and operated Mitutoyo PSIRT (Product Security Incident Response Team) as a global system specializing in handling security incidents and vulnerabilities related to our products.


2. Compliance with Laws and Regulations

We comply with domestic and international laws, regulations, and industry standards related to cybersecurity. We continuously review and revise our policies and operational systems as necessary to maintain and improve security quality. Additionally, we require our suppliers and development partners to adhere to appropriate security standards.


3. Development of Secure Products

We appropriately manage product security risks throughout the entire product lifecycle (planning, design, manufacturing, maintenance, and disposal). We practice secure development based on the principles of Secure by Design and implement measures to protect our products from threats such as cyberattacks, unauthorized access, and information leaks.


4. Response to Product Vulnerabilities

We have established a response framework in compliance with ISO/IEC 29147 (Vulnerability Disclosure) and ISO/IEC 30111 (Vulnerability Handling) to address discovered vulnerabilities. Vulnerabilities in our products, as well as vulnerabilities in software used in our products, will be actively disclosed in coordination with external organizations based on our Vulnerability Disclosure Policy.


5. Response to Cyberattacks

In the event of a cyberattack that affects the provision of our products, we will collaborate with our CSIRT (Mitutoyo CSIRT) to promptly minimize damage and restore services.


6. Continuous Improvement

We continuously improve our response framework and processes related to product security, striving to enhance the maturity of PSIRT. We also conduct continuous education and training to improve the security literacy of all employees involved in product development and quality assurance.

Vulnerability Disclosure Policy

Product Vulnerability Disclosure Policy

 

Mitutoyo Corporation accepts vulnerability reports from external sources and handles them responsibly to enhance the security of our products and services.

 

1. Mitutoyo PSIRT

We have established a PSIRT (Product Security Incident Response Team) to address the security of our products and services. The PSIRT is responsible for handling everything from the receipt of vulnerability reports to the completion of the response, working quickly in coordination with relevant departments.


2. Scope

This policy covers the products and services that we provide to our customers.


3. Permitted Tests and Prohibitions

Vulnerability testing on our systems should be conducted legally and in good faith. Specifically, the following actions are strictly prohibited:

  • Unauthorized Access:Intrusion or bypassing authentication into systems not explicitly permitted by our company.
  • Service Disruption (DoS/DDoS):Mass access or overload attacks intended to halt the system.
  • Improper Handling of Personal Information:Disclosing personally identifiable information obtained during testing to third parties.
  • Other Illegal Acts:Activities involving copyright infringement, privacy rights violations, unauthorized operations, etc.


4. Reporting Method

Vulnerability reports are accepted through the dedicated web form set up by our company (https://www2.mitutoyo.co.jp/eng/psirt/report-form/#form). When reporting, please provide as much of the following information as possible:

  • Reporter information:name, affiliation, contact details, etc.
  • Overview of the vulnerability:description of the issue and circumstances of discovery.
  • Name and version of the affected product/service:identification of the affected system.
  • Reproduction steps and technical information:Steps to reproduce the vulnerability, sample code, etc.
  • Potential impact:risk or impact if the vulnerability is exploited.

The above information is necessary for prompt analysis and response.


5. Post-Report Actions

After receiving a report, we will, in principle, reply with an acknowledgement of receipt within three business days. During the investigation and corrective action process, we strive to share progress with the reporter as much as possible, maintaining a transparent approach. If the presence of the vulnerability is confirmed, appropriate corrective measures (such as product updates or configuration changes) will be taken, and if necessary, alerts and avoidance measures will be published on our website. After the correction is completed, the reporter will be notified of the correction details and impact range.


6. Legal Protection

We will not recommend or pursue any legal action against reporters who conduct security testing in good faith and in accordance with this policy. Reporters are expected to conduct tests at their own risk and report in compliance with this policy. Information obtained through methods not permitted by we will not be considered as reported under this policy.


7. Bug Bounty and Credit

We do not have a bug bounty program and there is no monetary reward for reporting vulnerabilities. Additionally, we do not publish the name or organization of reporters in public advisories or reports. We express gratitude to the reporters, but please understand that no reward or publication will be made.


8. Policy Updates

This policy may be reviewed and revised as necessary. The latest version will be published on our website, reflecting any updates. Based on the above policy, we will strive to provide safe products and services in cooperation with the reporter.

REPORT A PRODUCT SECURITY ISSUE


You can report potential security vulnerability information in the software, firmware, and digital services supported by Mitutoyo to the Mitutoyo Product Security Incident Response Team (Mitutoyo PSIRT).


If you believe you have discovered a vulnerability in our products or services, please review our "Vulnerability Disclosure Policy"and "Privacy Policy“, and use the form below to report it.

This report form is intended solely for reporting vulnerability information. Please note that inquiries related to product specifications, usage, business negotiations, and other product complaints are not accepted.

 

Data protection is a matter of trust – and your trust is important to us. Mitutoyo Europe GmbH respects your privacy and personal use of our products. The protection, lawful collection, processing, and use of your personal data are an important consideration to us. In order for you to feel secure when visiting our website, we strictly observe the legal regulations when processing your personal data and would like to inform you about our data collection and use of data. For more information please refer to our Privacy Policy.

REPORT FORM