How to Report a Security Vulnerability or Issue to Elo
We take security seriously and appreciate reports of potential vulnerabilities or incidents involving Elo products or systems. If you’ve discovered a security issue, please report it through our Technical Support form: https://contactus.elotouch.com/technicalsupport
By submitting a report, you acknowledge and accept Elo’s Vulnerability Submission Policy.
What to Include in Your Report
To help us investigate and respond quickly, please provide the following:
Your full name and contact information
(Email preferred, but any method we can use to follow up is acceptable.)-
Detailed description of the issue, including:
The name of the affected Elo service, product, or system
The software name, description, and version number (if applicable)
Step-by-step instructions to reproduce the issue
A technical description of the vulnerability (include proof of concept, if possible)
The potential impact or risk posed by the issue
Any other relevant information that may help us validate and resolve the vulnerability
Vulnerability Disclosure Policy
Responsible Reporting Guidelines
Elo values and encourages contributions from customers and the broader community to help improve the security of our products and services. If you identify a potential vulnerability, we ask that you act responsibly and follow these guidelines:
-
Do not access, modify, or test Elo systems, services, products, or software without proper authorization.
-
Do not disclose, alter, destroy, or misuse any data encountered during your investigation.
-
Keep all information related to the reported issue strictly confidential, including communications with Elo.
-
Avoid denial-of-service (DoS) attacks or any testing that could impact the availability, integrity, or confidentiality of Elo systems.
-
Do not engage in social engineering, phishing, or similar activities targeting Elo customers or employees.
-
Please note: Elo does not offer compensation for time spent or vulnerabilities discovered during unsolicited testing or research.
Vulnerability Response Process
Elo follows a structured process to evaluate and address reported security vulnerabilities.
Elo will acknowledge receipt of your vulnerability report within 3 business days and provide a tracking number for reference.
Following the initial acknowledgment, Elo will make reasonable efforts to respond within 30 days to confirm whether the reported vulnerability has been:
- Validated and accepted, or
-
Rejected
- If the vulnerability is accepted, Elo may provide a non-binding proposed mitigation timeline.
- If the vulnerability is rejected, Elo will provide the rationale for the rejection and remains open to reviewing any additional information provided.
Elo may contact you to request additional details needed for validation or mitigation. If you do not respond to two reasonable attempts to obtain required information, Elo reserves the right to close the case.
Once a vulnerability is confirmed and accepted, Elo engineers will work to develop appropriate hardware and/or software mitigations.
Elo strives to complete analysis and implement software mitigations within 90 days of the initial acknowledgment. However, the actual release of mitigations may extend beyond this timeframe due to factors such as:
- Upstream vendors having different issue resolution timelines
- Substantial hardware or architectural changes required
- Product lifecycle or resource limitations
- Integration across multiple distribution channels or ecosystems
Mitigation timelines are estimates and may change based on complexity, dependencies, and external factors.
At its sole discretion, Elo may periodically publish security bulletins to inform the public of completed mitigations for affected products.
Latest Security Updates
| Title | Type | Affected Products | CVE | Published Date | Last Updated |
|---|---|---|---|---|---|
| Windows 10/11 LTSC Windows Update | Security Bulletin | All Elo Intel based computer systems | EN18031 | 07/17/2025 | 08/05/2025 |
Please report any broken links by emailing support@elotouch.com and include a link to the knowledge article