As a growing percentage of energy on the grid is being supplied by PV, it is vital that the industry takes a pro-active approach to enhancing the cyber security of all systems. Being a global leader in the PV industry, SolarEdge is dedicated to advancing cyber security in order to maintain confidence in and uphold the reputation of the solar industry.
Extensive efforts have been undertaken by SolarEdge to advance cyber security in order to protect the integrity of the company’s products, solutions, platforms, and data. Extending its cyber security activities to collaborate with the cyber industry, SolarEdge employs a Responsible Disclosure Policy which includes a Bug Bounty Program designed to help identify and fix any potential flaws in the company’s services or products.
The Bug Bounty Program encourages cyber experts to communicate to SolarEdge any cyber security vulnerabilities they have uncovered and provide the Company with the opportunity to address such vulnerabilities before going public, in accordance with the terms of the program. SolarEdge offers rewards and monetary compensation for legitimate reports on cyber security threats following validation and verification. In accordance with our Responsible Disclosure Policy, SolarEdge will disclose these vulnerabilities after a stipulated period of time that first allows the Company to resolve them and thereby maintain the highest possible security of SolarEdge’s platforms and services for all stakeholders. Please ensure to submit reports using the official Vulnerability Reporting Form, and review the below terms and conditions.
As part of our Responsible Disclosure Policy, SolarEdge is committed to working with the industry to create standards and practices that can help establish improved security mechanisms between the utilities, PV systems and ancillary services. The Company pledges to share pertinent cyber security information and vulnerabilities with the PV market.
Responsible Disclosure Policy
SolarEdge will not undertake legal action, against any individual or entity that reports a cyber security vulnerability if all policies are followed. As part of the responsible disclosure policy, SolarEdge requires there will be:
- Time to investigate and rectify any issues reported before sharing information publicly or with others
- No interaction with or disruptions to individual accounts
- No exploitation of the security vulnerability discovered
- No use of other’s data or information
- Only penetration testing performed on live PV systems. If or once penetration is achieved, the vulnerability must be reported immediately; no additional testing is permitted
- Compliance with applicable laws
Bug Bounty Program
SolarEdge offers compensation to cyber experts who report cyber security vulnerabilities. The compensation offered is completely at the Company's discretion and is based upon risk, impact, ease of exploitation, quality of the report, and additional considerations. If offered, the minimum reward is $50.
As part of the bug bounty policy, SolarEdge requires:
- Adherence to the above responsible disclosure policy
- The bug must actually present a security risk
To officially report a security vulnerability as part of the responsible disclosure or bug bounty program, please fill out the following form: