1. Security update period
TAG Heuer always does its best to provide continuous security updates for its TAG Heuer Connected Watches. The security updates generally include the latest security patches, security vulnerability fixes, and other security improvements. Typically, TAG Heuer will maintain the security updates for at least two years after the first commercial launch date of a relevant TAG Heuer Connected Watches.
TAG Heuer provides security updates that include patches provided by third party suppliers, TAG Heuer-specific security issues for TAG Heuer Connected Watches (software/hardware/firmware), which can protect customers from ever-changing security risks.
2. Vulnerability Disclosure Policy
This policy outlines how to report a security issue on TAG Heuer Connected Watches for TAG Heuer analysis and resolution. We encourage customers, users, researchers, partners, and anyone using TAG Heuer Connected Watches to report any vulnerabilities and security issues they encounter.
Please note that you do not need to provide any personal information when submitting your report, with the exception of your e-mail address, so that we can acknowledge receipt of your report and keep you informed from time to time of the progress of your report. For details on how we handle personal information, please refer to TAG Heuer’s general privacy policy.
TAG Heuer reserves the right to use your report for any purpose it found necessary, including, but not limited to, fixing any reported vulnerabilities and security issues which TAG Heuer acknowledges need attention. Should your report include suggestions for changes or improvements to a TAG Heuer product or service, you agree to grant TAG Heuer all rights to use and own those ideas.
By submitting a report to TAG Heuer, you agree to the following terms:
- You have not and will not exploit or use any discovered vulnerabilities and security issues for any purpose other than reporting them to TAG Heuer.
- You have not conducted and will not conduct any research with the intention of causing harm to TAG Heuer, its customers, employees, partners, or suppliers.
- You have not and will not misuse, delete, alter, or destroy any data accessed in relation to the discovered vulnerability or security issues.
- You have not engaged and will not engage in social engineering, spamming, phishing, denial-of-service attacks, or resource exhaustion attacks.
- You have not tested and will not test the physical security of TAG Heuer's properties.
- You have complied and will comply with all applicable laws during your interactions that lead to your report.
- You agree to maintain confidentiality regarding your report and the details of the vulnerabilities or security issues reported; this includes non-disclosure of such issues being reported to TAG Heuer.
In return for your cooperation and adherence to these terms:
TAG Heuer commits to:
- Acknowledge receipt of each vulnerability or security issue report submitted promptly.
- Work collaboratively with you to understand the potential vulnerability or security issue thoroughly and address it expeditiously.
- Make its best effort to rectify security issues swiftly and release patches or updates as soon as feasibly possible for end-users.
Please note that while TAG Heuer appreciates every report, further contact may only occur if necessary for additional clarification on your report. Your submission is made without any expectation of compensation or reward and without assurance that the reported issues will be corrected by TAG Heuer.
3. Report security vulnerability or issues
To report a discovered security vulnerability or issue, please contact VulnerabilityDisclosure.UK@tagheuer.com.
In order to help us analyze and process your report, we would be grateful if you could provide us with the following information, if possible:
- Report title: Provide a brief and descriptive title for the security issue.
- TAG Heuer Connected Watch and versions affected: List the specific TAG Heuer Connected Watch and its version that are impacted by the security issue.
- Security issue severity: Classify the severity of the security issue as Low, Medium, High, or Critical.
- Description of the potential security issue: Describe what the security issue is and its potential impact.
- Technical details and steps to reproduce: Include comprehensive technical information and step-by-step instructions that can replicate the security issue.
Providing your name or organization and contact details is optional, but it may assist TAG Heuer if they need to discuss your report further or inform you about any updates. Even without this information, rest assured that your report will be taken seriously and looked into carefully.
4. Disclaimers
Please note that:
- Security patches for our TAG Heuer Connected Watches may come from third-party suppliers, which can affect the timing of resolutions.
- While we are doing our best to deliver the security patches as soon as possible to our TAG Heuer Connected Watches delivery time of security patches may vary depending on the regions and models.
5. Security Advisory/Notice List
| Model Name | Release Date | Security Update End | Statement of compliance |
|---|---|---|---|
| SBR8A | 2022.03 | 2025.02 | https://www.tagheuer.com/gb/en/downloads/downloads.html |
| SBR80 | 2022.03 | 2025.02 | https://www.tagheuer.com/gb/en/downloads/downloads.html |