Harmonic Vulnerability Disclosure Policy

LAST UPDATE: JULY 2026
 

Harmonic takes the security of our products and infrastructure seriously. If you believe you have found a security vulnerability in our products or on harmonicinc.com, we encourage you to let us know. We are committed to working with researchers who report issues in good faith.  We accept vulnerability reports from all sources including security researchers, industry partners, vendors and customers.

Scope 
We are primarily interested in vulnerabilities affecting Harmonic products, harmonicinc.com, and associated subdomains. We ask that you exclude third-party services, customer systems, and any infrastructure not operated by Harmonic, Inc.

How to Report 
Please email securityreports@harmonicinc.com with the following information:

  • A description of the vulnerability and its potential impact
  • The affected product, domain, or system
  • Steps to reproduce the issue
  • Any supporting evidence (screenshots, proof-of-concept, request/response logs)
  • Your preferred contact method so we can follow up with you

Submissions must be encrypted using our PGP key:

  • Fingerprint: FFF802050CD8749B88917CB1B36AFDE059B130E1
  • Public key: asc file

What to Expect
We will acknowledge your report within 3 business days. Once triaged, we will notify you when a resolution has been identified or a remediation is available.

Good Faith
Harmonic will not pursue legal action against researchers who report vulnerabilities in good faith and in accordance with this policy. We ask that you allow us 90 days to investigate and remediate before any public disclosure.