Answer

GE Aerospace PSIRT Product Security Incident and Vulnerability Management procedures are consistent with ISO 29147 and 30111 for identifying, validating, mitigating, and communicating vulnerabilities in GE Aerospace products. Consistent with these standards and our company’s security culture, GE Aerospace regularly partners with researchers, academia, government, and coordinating authorities to continuously assess for vulnerabilities and improve security in our products. In addition, GE Aerospace regularly discloses to its customers mitigations and remediation for GE Aerospace product vulnerabilities, both directly and in cooperation with coordinating authorities. Consistent with responsible disclosure practices, GE Aerospace does not publicly communicate information concerning vulnerabilities unless a remediation is available. Public disclosure is the release, either intentionally or unintentionally, of vulnerability information to any individual or organization other than GE Aerospace, the individual or entity that identified the vulnerability, and a coordinating authority (ex – NCCIC/ICS-CERT).