Renault Group

ASRG is now a CNA!

Automotive Security Research Group (ASRG) is now a CVE Numbering Authority (CNA) for all automotive and related infrastructure vulnerabilities. We are looking forward to working together with the community and partners to disclose vulnerabilities responsibly. ASRG’s Root is the CISA ICS Top-Level Root. Please find more information at


Stellantis (Fiat Chrysler)

Bugcrowd is contracted to manage the bugbounty and disclosure program for Stellantis. In mid-January 2021, Fiat Chrysler Automobiles (FCA) and PSA Groupe merged to create Stellantis, one of the world’s leading automakers and a mobility provider, guided by a clear vision: to offer freedom of movement with distinctive, affordable and reliable mobility solutions. […]

General Motors

GM is running its disclosure and bug bounty program through HackerOne. Check out the link below.

China Launches Disclosure Program for Automotive Security

Aim is to keep Beijing abreast of loopholes within country’s mobile apps, connected cars and other internet products that could be exploited by cybercriminals Though mainly aimed at industry professionals such as app developers, everyday users can also make reports on the four platforms Source: