Share this: 

Report a Security Vulnerability

If you believe you have found a vulnerability in Blue Coat products, cloud services, or IT infrastructure that has not been resolved, please contact Symantec.

Please provide the following information:

  • Product name and version number, or service name, and date the vulnerability was observed.
  • Description of the vulnerability.
  • Instructions to duplicate the vulnerability (this can be written steps, a video, or a set of screen captures).
  • Your name and company (if applicable).
  • Your preferred contact information (email, phone, anonymous).
  • Your PGP or GPG certificate to allow for encrypted communication.

Symantec will confirm receipt of your report within 48 hours. Symantec will then contact you directly within 5 business days to confirm the vulnerability, ask for clarification, or to provide information as to why the observed behavior is not a vulnerability.

Symantec urges reporters to encrypt sensitive information to protect it from being viewed by unintended recipients. Symantec can exchange encrypted email with you using PGP and GPG.

The PGP key for the Symantec PSIRT ([email protected]) has the following properties:

User-ID:     SymantecSSG_VulnerabilityManagement [email protected]
Validity:         Valid from 2016-08-08, does not expire
Certificate type:   4,096-bit RSA
Certificate usage:   Signing E-mails and Files, Encrypting E-mails and Files, Certifying other Certificates
Key-ID:   B56C28FC
Fingerprint:   10A545586385C154D70B7EBF774D896DB56C28FC

The fingerprint can be verified by contacting the Symantec PSIRT at [email protected].

The GPG public key for the Symantec PSIRT is below.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Encryption Desktop 10.3.2 (Build 16127)

mQINBFe1xF4BEACZvdQ7VkHTyJ4684G4Cy1Yb0NjKY6w8q81u+FKxzBfKckzukC5
2q69DO8eHFZiXep+q5OPh93JCejdC58mG9dkEbLTB10Y7RuHwvQTPcYW25cFfKhT
TOyCXx9XDC6HxTRgtg7oDWclq+q+kgR5fZh/UeO4t9/6bnn016X2lkwcnfUCYilb
lMpjTGKnlQ9roZngOmHQlLdpkhhg5nm/FA4oLJwiBuJcLJkSVYpDOejWGztf9s4a
GrxSZbhFdJ5FtUsL8z45BnmHsHlN3O12Bhp2P3frzgqwwVW5Z2sI/uzH9M7n6tXI
QviE3ZIVkcl9r9zufyN0ZmqppXHCklaImHbu6ZaqV4u1+DuWLTtJMuUlsEWfZ7la
vdlPSKGu/pn3WvaKWcmM+ivTW6StY1+4sNjr5x+ss6FkJlIiC2CSw6OEX+X+7Y03
D8LW1NSTdOWEFIkszzMtWL/tnwnyFYQ5/y4+sBX7xvT/coaMVRQ0SLQEh9KOSmvn
x/oFALXm+XRwHh3f6gJxEUsiDBt4/ChW/FCbW2k5rWaDZkGa/sF7weAVy3InLhhd
ZZHczEoghooPoc2ZUtPR53z/kjSzurX0xusodiyYnT/RXMwAH4rLwMrhcWZeZj5o
nI8I53D1LQ8EWRMyJvdqbadDnHTv0W3yS/oS0FKmBc8ZUGtxSg8JSlputQARAQAB
tDlTeW1hbnRlY1NTR19WdWxuZXJhYmlsaXR5TWFuYWdlbWVudCA8c2VjdXJlQHN5
bWFudGVjLmNvbT6JAo4EEAECAHgFAle1xGEgFAAAAAAAFgABa2V5LXVzYWdlLW1h
c2tAcGdwLmNvbY8wFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBn
cC5jb21wZ3BtaW1lBwsJCAcDAgoCGQEFGwMAAAADFgIBBR4BAAAABBUICQoACgkQ
d02JbbVsKPzblA//dSCPzQNOOx8oURdOR6ymJLe7URsgkkQ2Fnl/Z4leHMBg5PFZ
jN07gmj5cb51IYNZ0Xah9++nNAqL1CpOUvTia18a59E6a7Be++aifKblpfq3D3R8
3eWvcesuE46OcpbBACX5+W3KwYqJ45t3EVuMGnfEfH73QwHAqfflFpAzB116Mlfl
x9YC4RATNQQLZ4tM6JGAdejpjSXgrr6TcdAw+b+Ir8BX6EhBkInqRBG5f8uY4ZNt
LZ3kQcsw1lLIKKMHEi8xwrFkT5UeOh0TobMfwYrLghthoMy0wW41sb4Vl+tn8i/b
N5rfr5ywf2/QZghpRpSD9aqAwO+C/2cPxOBDsJewee25VAvDON+5VMB42u9UUQJg
5JSAfwAFSTF97cU/ngIwNnnlU+NidqUuxLdQGPRvLTp/I8Hl1JCXS7D0SeacyjyB
x6kqKmjgEJkgJteoPfLkurJVhvv7hAxJAi3iJ3Gk/rArSNQaj+dmaP7KQ+xpvgnx
4laI5oo3tcvX9UhulnW4IQDtsm1tkcl4eJCrkNNWPDUmavaEaAJqcBpC1g8Zf+wg
HiPtlXGcby6Q1/vZXOhNiWWpxWt88AlV1+ZQI8sqQUNAj2PfQq4cgCxzGUdtdBAE
4qTn63HOwh1uR/ZpVxfD9eCGdJKJNuGO6qm6m6zc9DbcTNmj1AY4K+w6kKS5Ag0E
V7XEXwEQAK6reiUuhQ+tsiUWOGQPd2KybzLmScPVIYF73JpKj4tEGhmcVgvJ26l5
XayE2HSWFUo4S29LYTFlHQrlD8TQM5YR7zujpCcZzHs+jd8EaXIHOhXYyFIWbwWV
TAqw004uh7Ki7/BoEmn7uWzDFtCOKW2H8wSX4XAUoXB8lr1vb/CCkjdAxCZZLW/X
ICkfdEXpYVyUr/SImL8s8BcFN+IhdH5Z4FLi1H/+m/ibs/ksjf6u4SCjEKkZGbrz
qbGkNouXdAkuSxxJ4jigNbJah8Mavw3Zsf8sVd6G2XSa6g/GCoaRsSs2O4E0Q4nj
XUZLUVWSFOuWqO3AL4ktobDFKcOeDRhkCyH6OUfzniZeOaNJk0o5FhoIoPqnYgxY
abLeCKSU242cO0WOvcB4GeOPShpASj8b5Az4Wwf/deRwbrDYLslaH6Y5oCZdKcBc
my2rn/mCRLNZ8ItNXUzMLyy2JH1LdFONo1VtvqmTepE90EJwxFViXHogVE4bPA9f
k7JgLBw3N/tr7Q24iOd8H2ycGL6SBzyy7q2qFxD+ifwiCycqw60cKB+9bA5IPReF
SX9wAvXtPt7hkKuouS29Jn6a7Fg9K36ytIYIeyAoUKRBImJhqsBplUU8txeq39UL
ctPvUD2fn3Nv1nwPRLdyBC3m5lVhoX+JxIjnu+etFYP8SodoYzLVABEBAAGJBEEE
GAECAisFAle1xGAFGwwAAADBXSAEGQEIAAYFAle1xGAACgkQ1hZ6sUfxlFjK2A/9
EL2hbmEiOkhkMXTfGY/RPPSN1BxqQSdWJFU2todTE1eg5aG9kI2dNjM6uzD5DR3K
vBYJj1+VAsFt1aphvds6/tgDOchsEK0nEBUwTgkha2MdFj5/PH8SFuDJoXE3N0gY
g3cMLm+XJNie7a8JkLqYhpWvgHx5sTnaRWvGSnWpCZpENsjoNPqHVSz+td7uKC0G
Z/etjkG7Dssyalf6/NwKhRrkvijhoECgof1oWfCqkl6wBw6waje5rSWXaZzRNlcU
GM9+rEGdzul0EcAMulUFuEqnOLIU9MMYPCAgfXb62ad3fnKOY9J04rFjuRO9lKR6
5db47mkMYpkG766QhkiUZ56rzyMP501rmIA4huqclPnVuw41SM5qG3Y5J2gEu+o8
kVlUYLPTPncH3wkjFcfPiRIfiBPh2c3XfAnbaWbuu6e7ef5V5E+qKST+X/cVfkaq
tvfMJINwYedyo/pY688vrD9Platup1ISkX0QtzYtnJhwDasNgvq80SUBvl0qirC1
Nibf2vP5CwxBHeuwjefEo+8gWYhUmzBjfgYv760E/FWyK7wu9mbmwX0Y6QVtj9+W
DoJ7HbgHnynhIcDjZWyF3a3ldVtlOTNmaHCizZjagSe2W7a/xKJgg2Oraa1IxC9w
x3Ol9pwACgFAgTGrWEU6x3wYKgvpgo60b1K1pu2eQ0AACgkQd02JbbVsKPyxtQ/9
FCBDurhKCiShneE5Lvh6SLwmM71L1WjWPj3bWrL2XE5ZOasmnfyjIbTLVoLAKMPP
3NC52HdAr/lHEm34E5D/R5Hjb6i1nvgas4imAbOgTMdroaug3APNpPzpOhCQAA3w
g3uhFfaU8BhhNqLFnbP1mmH9o2WgWuj10yvWEBLFUShJEw0yi5sh5upVyMIGlqRo
1zf34LimawrflP7C1kBXN8yG8x8j4F+SW4jGND7ATa2dA3tV9LSfaqWIUKUk/neL
g2jqAZllaV+Y5m4vyRD0ysTgn0kQ17uaTlOsjsSSNILbgl381Wdctk8ezDvQbOk6
Dgm/jOR3RbwSNJ5SRySBN55PkFmYYUpvijnAv7Rv3ffPW055xOb2zrAqKSYi9G+9
bcrGQdwFOe6Zv46UqJmG/JIl6Jb1dNL5oEHxRbn2AqV8fxTB61DquLs+72oFhCeP
Gj6EDdcEawprM3vGJRyVvfoTNPsq5BWOnmS1RXhz3bXHcmhHDg8ekQOG5PygPmey
C6DPGK04lMfM4nW18yS1h+/IQW9W5C/jxodA0Ma3dmc65BZvMy2o3f2l9fy7pPEH
vGMGQcTRav2JpBaM1jw7Ry9wNvbHj8ZHXy2tObtcbmuyJANCUhrQvKw9KLmyhEz2
+WY8LVTx7d4bR0sYRopRUYuO1/OS/E8rOITTvL2d334=
=DMTs
-----END PGP PUBLIC KEY BLOCK-----

 

The PGP key for the Symantec GSO Security Operations Center ([email protected]) has the following properties:
User-ID:     Symantec GSO Security Operations Center [email protected]
Validity:         Valid from 2017-02-24, does not expire
Certificate type:   2,048-bit RSA
Certificate usage:   Signing E-mails and Files, Encrypting E-mails and Files, Certifying other Certificates
Key-ID:   8EE35777
Fingerprint:   0A860C1E350B06C6E9319F4C588AA6F98EE35777

The fingerprint can be verified by contacting the Symantec GSO Security Operations Center at [email protected].

The GPG public key for the Symantec GSO Security Operations Center is below.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Encryption Desktop 10.3.2 (Build 16127)

mQENBFiwV68BCACdtxLws8sEg+wmJat9S3Ie9rXBMIZXdx3gVVKqv4RadD5F++qK
uOLw3V5fqjWra742oE8+RDPvkfhTuyVp606h1Ht/cINNTk9PmBrSx42xb8E6ExEs
JhR+toN2UTjzDpqfDD64JK25sC+VZpAqtUsvaa/kLBygoQLji9HCc/xuVW5CFQwX
B9k6KyjcR7QBRjxkFGDVgvtWtIHpWR9/r2BNIF/0iXtsclMZSOEwoaT4oEd77zS7
fwfuv5NlJoI1m+uacNChh5dtq7DykPUIg8fROnHlhmcD/A764h5tStKCLhcIjjWN
lkAdMWxkQbJNdefNnObedqoc9kr+BmyNOIkDABEBAAG0P1N5bWFudGVjIEdTTyBT
ZWN1cml0eSBPcGVyYXRpb25zIENlbnRlciA8c2VjdXJpdHlAc3ltYW50ZWMuY29t
PokBjwQQAQIAeQUCWLBXsSAUAAAAAAAWAAFrZXktdXNhZ2UtbWFza0BwZ3AuY29t
hjAUgAAAAAAgAAdwcmVmZXJyZWQtZW1haWwtZW5jb2RpbmdAcGdwLmNvbXBncG1p
bWUICwkIBwMCAQoCGQEFGwMAAAADFgIBBR4BAAAABBUICQoACgkQWIqm+Y7jV3dv
8Qf/XdBXUPawrrm2NFa4H2lvolUZylwWRCHpREJI2ah78vlN2mzxynOgH514L9bo
A5CJJ/F0CgMFdIgiD3dGKlItzDHGbz7YVHa7fzj2rXXvnNdH1iEoYUVVhVFLOz7X
UCKedj8KAMtJdcF2hoEiYIDOZ6KSzRTPL/DZmt931JS+vW29ypw3SJF9qphdPvhW
WK8ig5fsDfFxSL2RqknxFJT+FeGPiQGic/Eo4dXk1DfDue16rviwHV8LAHaPpkqJ
TjQ/0pG8fmta/t7hBVfTX33iobXB5NVl+q0zc7x1bZIb6Zspr9n73dqJycsmG2Ep
fRrS5/wbMOZQs/JRmFvEhlACTLQ/U3ltYW50ZWMgR1NPIFNlY3VyaXR5IE9wZXJh
dGlvbnMgQ2VudGVyIDxpbmZvc2VjMkBzeW1hbnRlYy5jb20+iQGMBBABAgB2BQJY
sFewIBQAAAAAABYAAWtleS11c2FnZS1tYXNrQHBncC5jb22GMBSAAAAAACAAB3By
ZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29tcGdwbWltZQgLCQgHAwIBCgUb
AwAAAAMWAgEFHgEAAAAEFQgJCgAKCRBYiqb5juNXd+wBCACSvoaUh21rcrLdLkhL
IqJtFYu0/83tXzt1Cy1kAxvmNyA3uuBDZlDu4WnmBIxxQk7O++NZZiZqa4sYK4Rg
YeXwZBSLE/xSkJvtZT0SrXTy2J+phuhd5U86XFazJDIYnwDEyn/MBs/4fdWXNd62
ltjsiawyHl6/ypY3xl05+pEdB/VKp7wlm5e0xS/eBCPb7MdC2Jn8VWUjvPtq3Vns
JTnnni8BS0Vdc90L6S7zhNLBAkldmIzURgUtp0nt/Lu7HXuD7GGpJf0t1/RQ4p62
Z909OSTJ8aQ9VOyaYUuOysYWC+W11cMdtMf4YCHoKDDP0/O6BvwZUsyLFyvoskww
8xD4uQENBFiwV68BCAC/C6p6/oxUO1DYoHcMMjY7pc/65fuxWnNN2/arJ65G0V8N
5uq0OQ5svNRwVdESZjsY67i89AQyQmC46bm38wcsuyUKrB02NgAdYbxcc4paCx9B
JGL/mtn6AN2PqJUGfsb5djIOPTnkQvQcZSHJsPvkDlgM3W0cLw2kKHh74xQGee0n
RFksLHVpb6fTc0OyKNJtZ2NiHJIAVfooOV17T3dOd1Bc3/qC8mgVRRPFPrCkucmr
C3ahexT9D3b9zv8cDxMZ9HqJB/0Ep9SRiv5c3Ptuawvi0PDCOxf8yOOfXP01BRy+
q1fpuzkM7Yife/VazSC+FAJgGXqIuCcVH0AiizI3ABEBAAGJAkEEGAECASsFAliw
V7AFGwwAAADAXSAEGQEIAAYFAliwV7AACgkQ0ZTecDjg0kW0wgf/a91F/B8ggAtC
9DkKpBnrkfOA61XDZgPz7kWe0X/NUYcc2ds39VTO7h65jbGthnS4221FUWX7DW29
juHtGlH/1be059KoTFry1wmDRkXFKmoZNTq1RipeKQnXWbR7kSDYIiNnYjXT7Nuq
ak1LE0zg0JZbMuEW+w4B9XfB5Ut/XnOs+xV7NhsB9g3Ki1cx0bFPZfvsNevxzN6L
X3Z+uOMmW3J3J5tayOMpjchnMc1Uc0He1pW6wNUDxb/fqxk47CBrBI4O4lBzbVD5
FYJM3v3GEA+W/UIHHUzAun+iWMs3MjmdE5h1TCcmm43+MWiST9hAPrRXMpWABsfc
go9/kx3zWgAKCRBYiqb5juNXdzy7B/0S+orZfx35Al4AgFe7QueayX6D+5CRP9DH
MoPlHesAgaBJs/PAluBJxSsTGZsSreFhiHzXqES0b3GYRuHCLaAzoRzShhARxG0g
JX4RpcVqq9kmVvr2LPbetMgOAUS0oo+fYEV1IZn3ghCjws4dh28m4laKKIzxzwMi
GBfBHZbsFA3a6jbMuqxEztplN77T+7ByGYfnmc+dmpJ9Ht7/RoG4slXoRtG8eZ4s
+xc92bjRfmoqLZrxfgLcduyC43CAFlg79BGN6xx9/XHf0IK8auM4Lf6vwtEmUQXj
zlK1+03fdmUXLi7lzIaH8wI2j3VbRpAly7o4bIpUqMx+i6APsCIt
=aAXa
-----END PGP PUBLIC KEY BLOCK-----