Security updates are disclosed to customers in three ways:
All changes that address security vulnerabilities are marked with a [Cybersecurity] tag. Other improvements to cybersecurity functionality are marked with a [Cybersecurity Enhancement] tag.
End users of SEL products can sign up to receive an emailed summary at the end of each month listing all cybersecurity product changes that month, including all security service bulletins and any product revisions marked as [Cybersecurity] or [Cybersecurity Enhancement].
Note: To receive email security vulnerability notifications, you must have a corporate email account whose domain is recognized by SEL as an end-user customer. If you would also like vulnerability notification emails sent to a designated corporate mailbox, please send a request to security@selinc.com.
When you receive a software update from SEL, it will be digitally signed so you can verify that it has not been altered or tampered with.
Verify an SEL software download.
We provide firmware tools that you can use to view the latest firmware version for your products, check the integrity of a device’s firmware, and verify the integrity of new firmware files.
Verify firmware version and integrity.
Since our founding in Pullman, Washington, in 1982, SEL has conducted business following a strong set of core values—quality, customer focus, discipline, communication, integrity, creativity, community, ownership, and dignity of work. We have applied these values in everything we do, including product and supply chain security, which has been a top SEL priority for more than 35 years.
Our goal will always be to invent, design, and build secure products to safeguard critical infrastructure. When a vulnerability is found, rapidly assessing risk, and informing customers is central to maintaining the trust we have worked decades to earn. SEL does not manufacture products with any form of undocumented authentication bypass mechanism or undisclosed communication channel.
Because the life span of an SEL product is often measured in decades, and because it protects or controls critical infrastructure in a constantly shifting threat environment—we understand our responsibility and the need for constant vigilance. We also understand that patch application in operational technology environments is often costly to our customers. Our pledge is to always act with urgency and transparency throughout the disclosure and remediation process and minimize risk at every turn.
We reveal sufficient information about a vulnerability to enable our customers to accurately assess and mitigate risk without unnecessarily disclosing sensitive information likely to empower an adversary. We will never knowingly disclose vulnerabilities in a way that tips the scale in favor of a potential attacker, and we will always provide a disclosure to customers in advance of any other dissemination.
The SEL Product Security Incident Response Team (PSIRT) assesses every report of a security issue with SEL products, whether those reports come from within SEL as a function of our continuous improvement processes or from an external reporter. The PSIRT, with executive leadership support, considers several factors to evaluate the risk a vulnerability poses, and calibrate the urgency of, and resources devoted to, remediation, including:
Vulnerabilities are disclosed to customers in three ways:
SEL responds immediately to any significant vulnerability affecting an SEL product that is likely to be actively exploited. We will rapidly provide mitigation guidance followed by any necessary patches or upgrades.
SEL’s quality, safety, information security, and environmental management systems are certified to internationally recognized standards by the British Standards Institution (BSI) and the American Association for Laboratory Accreditation (A2LA).
Learn more about SEL system and product certifications.Please submit your question regarding the security of SEL products or services.