Report a Security Vulnerability

The Juniper Networks Security Incident Response Team has an email alias that makes it easy for customers and others to report potential security vulnerabilities.

Please report any potential or real instances of security vulnerabilities with any Juniper Networks product to the Juniper Networks Security Incident Response Team at sirt@juniper.net. For immediate assistance, JTAC is available 24 hours a day by calling 888-314-JTAC (North America) or +1-408-745-9500.

Question: When should I send a message to sirt@juniper.net?

Answer: When you have found a security vulnerability with a Juniper Networks product.

Question: When should I NOT use sirt@juniper.net?

Answers:

• When you need technical assistance (for example "how do I configure my firewall").
• When you are notifying Juniper of vulnerabilities that are already public knowledge such as from the Bugtraq mailing list.
• When you are asking for help in applying upgrade packages that have been distributed because of security alerts.
• When you are reporting a vulnerability in another vendor's products, or requesting information regarding a vulnerability in another vendor's products.
• When you are asking about any other non security-related issues.
• When you are reporting malware found on a mobile device.

In any of these situations you should contact our technical support team first. If our technical support team recognizes a security issue they will escalate it to the Security Incident Response Team.

Who reads email sent to sirt@juniper.net?

The Juniper Security Incident Response Team, which is a restricted and carefully chosen group of Juniper employees, monitors this email address. No outside users can subscribe to this list.

What information should I send to sirt@juniper.net?

When you contact the list please give as much information as possible. We encourage you to encrypt any sensitive information you send to us using our public key, visible at the bottom of this page and available at various key servers.

How do we respond to a notification?

All issues reported to the Security Incident Response Team will be investigated. Patches will be generated where necessary and a security advisory will be released. Unless you inform us otherwise, it is our usual practice to cooperate with other affected security vendors and organizations such as CERT/CC to share vulnerability information and patches. However, we will never forward the email that you send to us, and we will not pass on any information that could identify you, your company, your machines, or your configuration.

Please note: Juniper does not provide an advance notification service. Security patches and advisories are freely available from our web site.

To report a security issue to Juniper Networks, we encourage you to use the following PGP key for secure communication.

To verify the validity of text security alerts, this PGP key can be used.
To verify the validity of PDF security alerts, this X.509 certificate can be used.