Vulnerability Disclosure Policy (VDP)

1. Introduction

Yamaha collects and discloses vulnerabilities to ensure the security of Yamaha products and services and to protect customers from cyber threats.

2. Target products

This Vulnerability Disclosure Policy applies to products and applications, applications and services provided by Yamaha for use in connection with Yamaha products (“products”).

3. Inquiry

If you discover any vulnerabilities, submit reports via the following contact point.

Contact Us

When submitting reports, indicate that they are related to the vulnerabilities and provide the following information.

  • Contact information of the reporter (name, country/region, e-mail address, etc.)
  • Name of the products, applications, or services containing the vulnerabilities
  • Version of the software or application containing the vulnerabilities
  • Type of the vulnerabilities, if known (buffer overflow, RCE, etc.)
  • Detailed steps/procedure for reproducing the vulnerabilities
  • Impact if the vulnerabilities are exploited (service outage, personal information leakage, etc.)

4. Response

Yamaha typically acknowledges the reporter within 5 business days of receiving the vulnerabilities. However, confirmation of receipt may be delayed due to other circumstances. Upon receipt of the vulnerabilities, Yamaha will confirm their contents and resolve any issues as necessary.

5. Bug bounty

Yamaha does not provide rewards (monetary or otherwise) to reporters, regardless of the nature of the vulnerability in the affected product.

6. Notice

Reporters must not disclose information about discovered vulnerabilities to third parties outside our company without our permission prior to our company's public disclosure. Reporters must also properly manage information about discovered vulnerabilities to prevent its leakage to third parties.
Reporters must not disclose any part or all of our company's response to the report to third parties.

7. Privacy Policy

Yamaha handles the personal information of the reporter in accordance with the following Global Privacy Policy.

Global Privacy Policy