    Responsible Disclosure Programme

    1. What is Responsible Disclosure in Ferrari

    Responsible Disclosure is an ethical method to report system vulnerabilities in our ICT system, which allows us sufficient time to identify and apply the appropriate countermeasures before these vulnerabilities might become public.

    By following this method, the sender helps us to identify and resolve system flaws, thus providing a valuable and efficient contribution to increasing the security of ICT services and customers' data and avoiding damage or disruption to our systems.

    2. How Responsible Disclosure works in Ferrari

    Should customers, researchers or experts identify one or more vulnerabilities in any of the following environments:

    • Ferrari portals (e.g. www.ferrari.com, etc.)
    • Mobile applications bearing the Ferrari logo and published on official stores
    • Other technological instruments or IT services in use or provided by Ferrari

    they can send the information to Ferrari following the procedure laid out below.

    The reporting person must avoid performing any activity that can either disrupt the impacted system or service or cause any data leakage/loss, limiting his/her use of the system/service to the minimum necessary and refraining from accessing data not strictly necessary to prove the existence of the vulnerability.

    3. Reporting a vulnerability responsibly

    Specifically, whoever activates the procedure must send the information via email to responsible_disclosure@ferrari.com. Please include the following technical information:

    • Type of vulnerability or issue
    • Service, product or URL affected
    • IP address from which the vulnerability was identified, together with the date and time of discovery
    • Special configuration or requirements to reproduce the issue
    • Information necessary to reproduce the issue
    • Confirmation that no activity has been performed to disrupt our system or services and that no data has been copied or taken
    • Whether or not you consent to being listed in the Hall of Fame section, together with an optional personal contact and personal photo, if you want it to be mentioned alongside your Name and Surname.

    Please observe strict secrecy on all information pertaining to the vulnerabilities discovered, and therefore commit not to reveal any of these, entirely or partially, or in any form make them available to third parties without Ferrari authorization.


    Once a notice has been received, Ferrari is committed to following up as follows:

    1. Send an email to the reporting person/entity to acknowledge receipt of the mail with the information outlined above. Within 10 days from this confirmation, Ferrari will send a second email with an evaluation of the relevance of the vulnerability and the results of an initial analysis.
    2. Adequately manage the vulnerability report to respect the timeline indicated previously.
    3. In case of an eligible report, upon explicit authorization of the reporting person, publicly thank the sender in the Hall of Fame section, if the necessary authorization accompanied the original mail.


    Below you will find some examples of vulnerability categories, which are considered eligible for publication in the Hall of Fame:

    • Cross Site Scripting (XSS)
    • Cross Site Request Forgery (CSRF)
    • Injection (e.g. SQL injection, user input)
    • Broken Authentication and Session Management
    • Broken Access Control
    • Security Misconfiguration
    • Redirect / Man in the Middle attacks
    • Remote code execution
    • Underprotected API
    • Privilege Escalation


    On the other hand, the following situations are not covered by this Responsible Disclosure initiative and therefore are not eligible for the Hall of Fame:

    • Situations that are not inherent to security aspects (e.g. unavailability of a service, non-security bugs in a GUI, etc.) and are therefore managed through traditional channels of customer care.
    • Problems regarding phishing or spam and vulnerabilities inherent to social engineering techniques; these must be reported via email to abuse@ferrari.com. If the original email contains a suspicious attachment, please make sure that it is not included in your message, as this will likely cause your email to be blocked.
    • Results of automatic tools for vulnerability assessment/penetration testing (e.g. Nessus, nmap, …).
    • Reports on the use of weak configurations of the TLS protocol, or reports on non-compliance with best practices such as, for example, the lack of security headers.


    While carrying out your activities please respect the following rules:

    • report the vulnerability to us in the manner set out above;
    • report the vulnerability as soon as you can to prevent threat actors from exploiting the vulnerability before we have a chance to fix it;
    • report the vulnerability to us while keeping the information confidential (in particular if it concerns personal data);
    • do not use social engineering or phishing to gain access to our IT infrastructure or services;
    • do not install your own backdoor or execute code in our systems to disclose the vulnerability as this may result in unnecessary damage and security risks;
    • do not exploit a vulnerability beyond what’s necessary to confirm the vulnerability;
    • do not modify the system/service or data in any manner;
    • do not use Denial of Service attacks, aggressive and/or automated scanning or brute force access technology;
    • do not negatively impact the confidentiality, integrity or availability of our services or our data;
    • Certain hacking activities constitute criminal actions. To protect you and us, please act in good faith and follow these rules of ethical engagement.

    4. Hall of fame

    We would like to thank all persons who make a responsible disclosure to us and recognize their valuable contribution in increasing the security of our products and services for our benefit and for the benefit of our customers by featuring those contributors in our hall of fame.

    Go to the Hall of fame

    Ferrari reserves the right to update this Responsible Disclosure programme at any time.


    If at any time you have questions about this programme, feel free to reach out to responsible_disclosure@ferrari.com


    This programme is based on guidance issued in 2022 by ENISA, available here:

    Coordinated Vulnerability Disclosure policies in the EU
    Good practice guide on vulnerability disclosure
    Ferrari N.V. - Holding company - A company under Dutch law, having its official seat in Amsterdam, the Netherlands, and its address at Via Abetone Inferiore n. 4, I-41053 Maranello (MO), Italy, registered with the Dutch Trade Register under number 64060977

    Ferrari S.p.A. - A company under Italian law, having its registered office at Via Emilia Est n. 1163, Modena, Italy, Modena Companies' Register number, VAT number and tax code 00159560366, and share capital of Euro 20,260,000

    Copyright 2023 - All rights reserved