Raytheon Technologies Corporation (“RTX”) and our businesses are committed to the safety and security of our products, systems, and customer information. We accept good-faith, responsible reporting of potential security vulnerabilities in any public-facing product, system, or asset made by or belonging to RTX or its businesses.

If you believe you have found a security vulnerability in a public-facing RTX product, system, or asset, please review the vulnerability reporting guidelines and submit the form below.

Vulnerability Reporting Guidelines

  • This vulnerability disclosure program is not intended for use by individuals and entities that are affiliated with and/or are business partners of RTX. RTX suppliers and customers should contact their RTX business point of contact to report potential vulnerabilities, while RTX employees and contractors should use their business reporting channels in accordance with RTX policies and procedures.
  • Do not engage in activity that could potentially harm or compromise the safety or privacy of any RTX employees, our customers, suppliers, RTX, or any third parties.
  • Do not engage in threats or extortion attempts.
  • Do not engage in social engineering, including spear phishing.
  • Do not access, exfiltrate, transfer, store, destroy, or otherwise compromise any RTX, customer, supplier, or any third-party data.
  • Do not take any action that can potentially degrade, halt, or render inaccessible our systems, assets, products, or data (e.g., denial of service testing).
  • Notify RTX, and halt all activity, if you encounter personal information or proprietary data.
  • Use RTX-approved disclosure channels to report vulnerability information to us.
  • Provide RTX reasonable time to resolve any reported issue, including any necessary review and approval of the resolution by regulators before such information is shared with others. The disclosure restriction noted in this line-item does not apply to any disclosure to the government regulator or any relevant government agency.

Report a Vulnerability

By clicking Submit on the form below, you acknowledge and agree to the terms of this disclosure process, including with respect to confidentiality, disclosure, and compliance with applicable law. Any personal information you provide in your report or follow-up related to your report is subject to the General Privacy Notice.

Frequently asked questions

Will I receive a response after reporting a vulnerability?

  • We will typically acknowledge receipt of your submission within three business days. You may follow up on previous submissions using the submission form.

Will my submission be treated confidentially?

  • Personal data RTX receives in connection with a submission will be protected in accordance with RTX’s privacy policies and applicable laws. Subject to the above, you otherwise consent to RTX and its suppliers and customers using the information provided to address any potential vulnerability in any products, systems, or assets made by or belonging to RTX or its businesses. RTX accepts anonymous submissions.

Will you recognize me if I report a vulnerability?

  • Personal data RTX receives in connection with a submission will be protected in accordance with RTX’s privacy policies and applicable laws. Subject to the above, you otherwise consent to RTX and its suppliers and customers using the information provided to address any potential vulnerability in any products, systems, or assets made by or belonging to RTX or its businesses. RTX accepts anonymous submissions.

 

If at any time you have questions or concerns, or are uncertain whether your research is consistent with this policy, please contact us through the form above.