Product Security | ACER ESG

Product Security

Product Security

 

Acer is committed to the highest standards of safety in the design of its products and services. To fully protect our customers and their data, we encourage security researchers, academic institutions and other members of the security community to provide any information about potential security vulnerabilities. We work with those who raise major security vulnerabilities to ensure that all relevant reports are handled.

 

We work with partners, industry and the safety community to address vulnerabilities. When notification of a suspected vulnerability is received, we conduct a thorough investigation and, upon confirmation, we work with the person submitting the issue to remediate and coordinate a public release of the information. Generally speaking, security vulnerabilities are often reported by independent hardware vendors such as Intel, AMD, NV, or Microsoft operating systems (OS) and applications (Apps), and Acer will provide consumers with a way to fix them: we offer a variety of solutions to address security vulnerabilities at community.acer.com. For example, the researchers discovered a vulnerability in the Baseboard Management Controller (BMC), which could lead to the server being hacked to execute any code attack. Acer works closely with vendors to limit risk with best security practices, restrict privileges, and update BMC and CMC firmware to address BMC firmware vulnerabilities that affect certain products.

 

Acer only uses the latest software versions available on the website for verification of vulnerability reproducibility. Acer is committed to ensuring that our products are protected against attacks throughout the supply chain lifecycle, from design, parts procurement and manufacturing to transportation, service and recycling. Acer strives to create the safest designs for users, including but not limited to the following measures: