In designing our products and services, Acer strives to comply with the highest safety standards. To protect our customers and their data more thoroughly, we welcome security researchers, academic staff, and others from the security community to provide any information about potential security vulnerabilities that they may have. We work with those who raise major security vulnerabilities and confirm all relevant reports.
We work with partners, industry, and the security community to resolve vulnerabilities. When notified of a suspected vulnerability, we conduct a thorough investigation and, if confirmed, work with the person who submitted the issue to remedy it, while also coordinating the public release of the information. Generally speaking, security vulnerabilities mostly arise from independent hardware suppliers (IHVs) such as Intel, AMD, and Nvidia, or Microsoft operating systems and applications. Upon receiving reports, Acer will provide consumers with ways to patch vulnerabilities. Our website at community.acer.com also provides us with various ways to respond to information security weaknesses. For example, researchers identified a vulnerability in the Baseboard Management Controller (BMC) that could be exploited by attackers to accomplish remote code execution. Acer works closely with suppliers to limit risk through security best practices, restricted privileges, and updates the BMC and CMC firmware to address BMC firmware vulnerabilities affecting certain products.
Acer uses only the latest software versions available on our website to verify reproducible vulnerabilities. In 2021, through this website we received 45 vulnerabilities related to Acer websites or software, of which four were confirmed to be genuine and fixed immediately. In addition, we have also published information and solutions on our website in response to Intel’s announced security vulnerability.
Acer is committed to ensuring that our products are protected against attacks throughout the supply chain life cycle, from parts procurement and manufacturing to transportation, service, and recycling. We require all suppliers to comply with the requirements to reduce the risk of counterfeiting, malware, and tampering.
Acer strives to create the safest designs for users, including but not limited to the following measures: