Global security—Vulnerability disclosure

Nuance Vulnerability Disclosure Program

At Nuance, we take cybersecurity seriously, and the security of our systems is of paramount importance. We care deeply about maintaining the trust and confidence that our customers place in us. If you are a security researcher and discover a security vulnerability in one of our systems, we encourage you to disclose it to us in a responsible manner. We engage with security researchers when vulnerabilities are reported to us in accordance with our Vulnerability Disclosure Program Policy.

Vulnerability Disclosure Policy

If you identify a valid security vulnerability in compliance with our Vulnerability Disclosure Policy, Nuance commits to working with you to understand and validate the issue, and to address the risk (if deemed appropriate by Nuance).

Public disclosure of the submission details of any identified or alleged vulnerability without express written consent from Nuance will deem the submission as noncompliant with this Vulnerability Disclosure Policy.

Contacting or attempting to directly engage Nuance, Nuance employees or representatives outside of this program will disqualify you from participation in this program.

In addition, to remain compliant you are prohibited from:

  • Accessing, downloading, or modifying data residing in an account that does not belong to you
  • Executing or attempting to execute any “Denial of Service” attack
  • Posting, transmitting, uploading, linking to, sending, or storing any malicious software
  • Testing in a manner that would result in the sending unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of unsolicited messages
  • Testing in a manner that would degrade the operation of any Nuance system
  • Testing third-party applications, websites, or services that integrate with or link to Nuance system
  • Accessing, viewing, using, downloading or transferring any “Personal Information” (as that term is defined under relevant privacy laws) including names, ID numbers, account number, email addresses

Vulnerability Disclosure

We encourage security researchers to share the details of any suspected vulnerabilities with the Nuance Security Team by submitting the form below. The Nuance Security Team will review each submission to determine the validity of the reported finding. When submitting the request, please include a description of the location and potential impact of the vulnerability, and explain the detailed steps required to reproduce the vulnerability. Add technical information and related materials we would need to reproduce the issue such as Proof of Concept (POC) scripts, screenshots, and screen captures—these are all helpful.

Please use extreme care to properly label and protect any exploit code.  

All information, content, and materials, available on this site are for general informational purposes only, and do not amend or supersede the express terms of any agreement, any transaction, or any rights or obligations you may have under applicable law, create any rights or obligations, or otherwise affect your or Nuance’s liabilities and obligations. The content is provided "as is;" with no representations as to whether the materials are applicable to any particular service, jurisdiction or location. For specific information regarding your account, please reference to your agreement with Nuance and Nuance’s privacy policy.