VULNERABILITY DISCLOSURE POLICY

If you believe you have found a security vulnerability on one of our web sites or in our apps, we thank you in advance for letting us know right away. We will investigate all legitimate reports and do our best to quickly fix any problem.

The best way to report a security vulnerability is described below. If you are looking to report a privacy issue, please contact our privacy officer as described in the Ferrero Privacy Policy.

We will not pursue legal action, nor initiate a complaint to law enforcement, against the finder/researcher operating in good faith. However, the Ferrero Group reserves all legal rights in the event of noncompliance with the Guidelines for Operating in Good Faith that follow.

REWARD

Ferrero Group does not currently offer a reward program; thus, there will not be any compensation, reward or public recognition for submittal of potential vulnerabilities.

GUIDELINES FOR OPERATING IN GOOD FAITH

As proof of good faith, we expect you to behave ethically and make every effort to:

  -   Avoid disruptive actions against Ferrero systems.
  -   Keep the information related to the discovered vulnerability confidential for a reasonable time period to allow our technical department to resolve the issue.
  -   Avoid privacy violation or any destruction, modification or exfiltration of Ferrero data.
  -   Avoid leveraging the vulnerability in the attempt to reach further systems or services, or to establish persistence (backdoor/command line access).
  -   Not violate any other applicable laws or regulations.

OUT OF SCOPE

The following vulnerabilities are out of scope for submittal under the Vulnerability Disclosure Policy:

  -   Spam or social engineering techniques.
  -   Denial-of-service attacks.
  -   Brute force credential compromise.
  -   Content injection posting content on Ferrero websites.
  -   Physical access testing (e.g., facility access, tailgating, device theft).

CONTACT INFORMATION

To disclose a potential vulnerability, please email cybersecurity.support@ferrero.com, providing:

  -   Description of the issue
  -   When you found the issue
  -   How it can be reproduced
  -   Any thoughts on how we can mitigate the issue
  -   Feel free to share scripts or network traces

If possible, emails in English are preferred.

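Ferrero was born in 1946 in Alba, a small town in the Piedmont region of Italy. Today, Ferrero has grown into one of the world's largest confectionery food companies, with brands loved by consumers and sold in more than 170 countries. The Ferrero Group brings joy to the world with products loved by everyone, such as Nutella, Kinder, Tic Tac and Ferrero Rocher. About 47,000 employees are passionate about making consumers' special moments shine even brighter. The Ferrero Group's family culture, now spanning three generations, is built on quality, excellence and tradition, and puts into practice a commitment to the environment and local communities.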