Sort results by
Sort results by

Vulnerability disclosure program

Maintaining the trust and confidence that consumers, customers, employees and suppliers place in us, is a top priority at Nestlé. That is why we do our utmost to ensure the security of our systems and to protect our information and any information (be that personal, sensitive or otherwise) entrusted to us.

We take cybersecurity very seriously. As an extra layer of protection to our cybersecurity program, we are committed to working with skilled security researchers across the globe to help identify and mitigate any potential security vulnerabilities in our systems not already detected through our internal controls.

Our Vulnerability Disclosure Program (VDP) is a structured framework for security researchers to identify and submit security vulnerabilities to us.
 

How can you report a vulnerability?

If you believe you have discovered a security vulnerability in one of our assets, we encourage you to notify us through our Vulnerability Disclosure Program
 

What happens after you submit a report?

After receiving your report of a potential vulnerability, we will follow a series of steps to investigate the case, and if confirmed, take all the necessary corrective actions as appropriate to promptly resolve it and avoid any future recurrence.

We commit to doing our best to keep you informed at each stage of the process. Please note that the investigation may take some time to complete.

While working with us, we kindly ask you keep the matter confidential and to respect our privacy. We ask that you do not exploit a vulnerability or save, transmit or disclose our data publicly.

We greatly appreciate the efforts of security enthusiasts who share their findings with us, enabling us to strengthen our cybersecurity efforts across our organization.