How to Report Potential Security Vulnerabilities
If you believe you’ve found a security vulnerability in an Altera product or solution, submit reports through the current Bug Bounty program provider, Intigriti, which is the preferred method. Our PSIRT engineers work directly with Intigriti to analyze your submission report. See the Intigriti page for the Altera Bug Bounty program terms and conditions.
To contact the Altera Product Security Incident Response Team (PSIRT) directly, email psirt@altera.com. Please encrypt all correspondence using our PGP public key. when sending information about potential security weaknesses or vulnerabilities.
Only submissions through Intigriti qualify for consideration for bug bounty rewards.
If you’re having trouble encrypting your vulnerability report or have questions about the process, please email PSIRT. We’ll help identify a secure method for transmitting your report. Please note that this email is for security-related issues that affect Altera Products. For general support inquiries, please use the regular support channels.
When reporting an issue via email, please provide as much of the following information as possible:
| Affected Products and Version | <List of products potentially impacted including |
| Description | <Full description of the issue including any impacts to confidentiality, integrity, or availability. > |
| Steps to Replicate/Proof of Concept (POC) | <Steps to reproduce the issue should be included and/or any code to trigger the vulnerability> |
| Known Disclosure Plans | <Any known disclosure plans> |
Altera follows the recommendations of first.org for Multi-Party Vulnerability Coordination and Disclosure.
The public PGP key for psirt@altera.com can be downloaded here.
Key ID: F953 CC13 6BC2 F9FB
Fingerprint: 504A32EE9183D1B22F1E80FDF953CC136BC2F9FB.
Expiration Date: 10/28/2025