It is an essential part of the Electro-Voice Quality Promise that we provide product security and protect our customers’ privacy throughout the entire product life cycle. To achieve this Electro-Voice established a global Product Security Team and made security an integral part of Electro-Voice’s processes. The Product Security Incident Response Team (PSIRT) is the central point of contact for external security researchers, partners, and customers to report security concerns related to products of Electro-Voice.
Apache Log4j Vulnerability
We are aware of the Apache Log4j Vulnerability (CVE-2021-44228) “Log4Shell”.
We are currently analyzing if any of our products are affected. In case any of our products are affected, we will publish respective Security Advisories on this web site: https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html.
Our Remote Portal and Cloud Analytics Services are all patched to a non-vulnerable version of Log4j and were not impacted.
Product Security throughout the life cycle of Electro-Voice's products & services
In order to provide secure and reliable products for our customers, we have established security and data protection as fundamental requirements of our products during the entire life cycle.
Security with Supplier
We have high quality requirements for purchased products. To ensure security of purchased products, modules and components we evaluate each supplier with respect to product security, as an integral part of our purchasing process.
Security Engineering Process
Security Engineering Process is a core part in our product development. Whenever we develop a new product, we conduct a comprehensive Threat and Risk Analysis, and create an individual Security Concept for the product and its integration into a complete solution. During design phase and before release we ensure product security by comprehensive testing (security and penetration tests). Any following updates, patches or upgrades will undergo the same rigorous tests, and will only be deployed once they have proven to be secure.
Vulnerability & Incident Management
Because requirements are constantly changing, 100% security is never guaranteed. Therefore a structured Vulnerability and Incident Management Process is established to professionally manage potential product security vulnerabilities and incidents.
Reporting Product Security Vulnerabilities
Electro-Voice takes security very seriously, and investigates all vulnerability reports.
Whenever you think you have identified a vulnerability or any other security issue related to an Electro-Voice product or service, please contact the Product Security Incident Response Team (PSIRT):