Vulnerability Reporting

If you believe you have found a security vulnerability in one of our products or services, please send an email to productsecurity@otis.com with enough information to help us better understand the nature and scope of the potential issue.

Any information is helpful, but we would like to know the following:

• Product or service and software/hardware version if known;
• Type of issue and the potential impact it may cause;
• Instructions and proof-of-concept code to reproduce the issue; and
• Any information regarding the use case scenario and any safeguards already in place.

We encourage the use of our PGP key to send the information in an encrypted manner. Please access our PGP key here.

If you do not have access to an encrypted email application that can use PGP keys, please send us your contact information and someone from our incident response team will contact you. Please do not transmit sensitive information in plain text to the email address provided above.

You should receive a confirmation of our receipt of your email or similar response within 48 hours. Our response will include additional information to enable secure communication. Please follow up with us if you have not received a response within this time frame.