INFICON Security & Vulnerability Disclosure

INFICON is committed to the security of its products and digital services and to meeting the requirements of the EU Cyber Resilience Act (CRA) (Regulation (EU) 2024/2847).

As part of our ongoing compliance program, we are currently developing a formal CRA Vulnerability Handling Policy. This policy will set out our processes for receiving, triaging, and resolving security vulnerabilities in accordance with CRA obligations, including coordinated vulnerability disclosure (CVD) as referenced in ETSI EN 303 645 and ISO/IEC 29147.

This page will be updated once the policy has been finalized and approved. We anticipate publishing the full policy by September 1, 2026.

This is an interim statement. Last reviewed: May 2026.