Axis follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers risk of exposure. Axis cannot guarantee that products and services are free from flaws that may be exploited for malicious attacks. Therefore we monitor known vulnerabilities referred to as CVE (Common Vulnerabilities and Exposure). CVEs that Axis identify as critical or caused by Axis will be prioritized and often announced with a Security Advisory. The vulnerability archive transparently lists both Open Source and Axis vulnerabilities that have been brought to our attention.

In the case that you have discovered a new vulnerability in Open Source, you are encouraged to submit your discovery via email to product-security@axis.com. Sensitive content can be encrypted using our public PGP key. Note that Axis does not operate any bug bounty programs, however we credit the person responsible for the discovery. For more information about Axis vulnerability management, please refer to the Axis Vulnerability Policy.