Product/Service Security Measures
Measures to Address Vulnerabilities in Canon Products/Services
Network connectivity via the cloud or using smartphones is increasingly enhancing benefits from Canon products and services. On the other hand, there is a growing need for measures against rising cybersecurity risks such as leaks of personal information or confidential data. Canon emphasizes potential cybersecurity risks from the product development stage. If any specific security issues are identified, information is shared at once with relevant divisions so efforts can be made to prevent any impact on customers and mitigate related risk.
Canon incorporates the necessary security features into products and services from the development stage, based on the trends in technology led by government entities, industry groups and software vendors on a global basis. We utilize methods such as review-based checks and vulnerability tests to mitigate related risks, with a secure development process positioned as a vital part of development. To stop recurrence of past vulnerabilities, we have made vulnerability assessment a requirement before final quality sign-off, and processes to confirm anti-recurrence measures have been implemented are under Group-wide development.
Besides, product/service vulnerabilities constitute a specialized area where technical progress and complexity make acquiring the latest knowledge and tracking developments a necessity. We define career and skill levels for our new software engineers, customer service engineers and security specialists, and have designed a level-specific security training curriculum to help develop critical human resources. Post-training follow-up processes also support onsite vulnerability testing to build practical skills alongside the theoretical knowledge base.
In January 2022, we created and initiated the Canon PSIRT 1 program as an internal response to addressing any security issues as they arise in the marketplace. Working in partnership with the METI’s early warning framework and external groups such as the JPCERT Coordination Center, Canon PSIRT focuses on managing vulnerability-related market developments, including gathering the latest information. Fully integrated into our risk management approach, the PSIRT website 2 releases the relevant information to customers on vulnerabilities in Canon products and services in a timely manner whenever they are received from researchers worldwide, thus ensuring our response to cybersecurity risks is on a par with the industry.
- 1 PSIRT stands for Product Security Incident Response Team.
- 2 Canon PSIRT website: (https://psirt.canon/)