On this page: Coordinated Vulnerability Disclosure | Bulletins | Patches | Documentation
Protecting the integrity, confidentiality, and security is essential to ensuring product safety and reliability. This section provides security-related information, including bulletins, patches, and documentation, to help customers and partners understand and address potential risks.
On this page: Coordinated Vulnerability Disclosure | Bulletins | Patches | Documentation
At Illumina, we believe safeguarding sensitive data is foundational to genomic innovation and customers are the heart of everything we do. As part of our ongoing commitment to security, we are pleased to introduce the Product Security Portal — a centralized resource designed to help customers and partners access product security information with ease.
Developed by our expert cybersecurity professionals, and informatics teams, and based on feedback from our global community, the Portal offers timely access to vulnerability disclosures, security bulletins, patches, best practices, and product security documentation.
As software and technology continue to become more integrated in our products, Illumina recognizes cybersecurity to be an important element in managing risk across the total product lifecycle. Cybersecurity threats are evolving, and they have the potential to not only impact the confidentiality, integrity, and availability of a product, but also its effectiveness in its intended use.
Illumina maintains a dedicated Product Security team responsible for evaluating and implementing security controls, managing cybersecurity risk across our various product lines, and executing our cybersecurity post-market product surveillance and support program.
We recognize and appreciate the value provided by our customers and security researchers in identifying cybersecurity risks on Illumina’s products and look forward to collaborating with those partners in good faith.
The scope of the Illumina Coordinated Vulnerability Disclosure Program includes on-market products and associated SaaS applications (e.g. BaseSpace Sequence Hub, Illumina Connected Analytics, Illumina Connected Insights, Correlation Engine, ClarityLIMS, Emedgene). Infrastructure and software owned and used by Illumina in operating its business are out of scope of this Coordinated Vulnerability Disclosure Program. Additionally, the Coordinated Vulnerability Disclosure Program should not be used for submitting adverse events or product quality complaints. Please follow the appropriate processes laid out by the individual product lines for reporting these types of issues.
As a part of our Coordinated Vulnerability Disclosure Program, Illumina will be using this page to post cybersecurity bulletins related to vulnerabilities and their potential impact to Illumina products. For any additional questions or comments related to product security at Illumina, please contact your service representative and/or the product security team.
How to contact Illumina Product Security:
Upon identifying a potential vulnerability in an Illumina product, please contact the Product Security team via email as soon as possible using Pretty Good Privacy (PGP) encryption as follows:
In the email, please provide all relevant technical information regarding the vulnerability, including, but not limited to:
Do not include any personally identifiable information (PII) or individually identifiable health information (IIHI) in the message.
For any research being conducted on Illumina products, we ask researchers to:
After receiving notice of a potential vulnerability, Illumina will:
If you share any information with Illumina, you agree that the information you submit will be considered as non-proprietary and non-confidential, and that Illumina is allowed to use such information in good faith, in any manner, in whole or in part, and without any restriction.
Our security bulletins keep you up to date on vulnerabilities and what they mean for your Illumina instruments and software. Each bulletin clearly outlines which products are affected and, if customer action is needed, provides straightforward instructions to help you respond quickly and effectively.
We understand the importance of both speed and simplicity when addressing security, so patches and product updates are designed to be easy to access and implement. This page includes details on patch releases, installation instructions, and best practices to ensure your software remains secure and up to date.
Our documentation library is built by the same experts who design and secure Illumina’s products, combining deep product knowledge with proven security practices. Here, customers will find comprehensive resources including best practices, configuration guides, and security architecture overviews.
If you identify a potential vulnerability in an Illumina product, please contact us via email as soon as possible utilizing PGP (Pretty Good Privacy encryption program) as outlined below:
Key ID: B286E33E2CCD79B5
PGP Location: https://keys.openpgp.org/