Making Our Products More Secure

As the industry-leading virtualization software company, VMware takes customer security and safety very seriously. VMware has well-established programs and practices to identify and remediate security vulnerabilities in our products and to mitigate software security risks to customers. These programs are constantly evolving based on our own experiences, changes in the threat landscape, and our learnings based on industry observation and collaboration.

The VMware Security Engineering, Communications & Response group (vSECR) is the central organization within VMware responsible for developing and driving software security initiatives across all of VMware’s Research and Development organizations to reduce software security risks. The vSECR group takes a full lifecycle approach to product security from product inception to product end of life. VMware, through vSECR, is committed to the ongoing security of our products and the safety of our customers.

Sign up for Security Advisories

Enter your email address:


VMware uses several techniques as part of our Security Development Lifecycle to improve the security of VMware products. Read here how we do it.

VMware Security Response Center manages reports of security vulnerabilities. Read here how we do it and how to stay current on security fixes.

VMware Security Advisories document remediation for security vulnerabilities that are reported in VMware products. Sign up on the top of this page to receive new and updated advisories in e-mail. Consolidated list of VMware Security Advisories can be found here.

Third-party certifications such as Common Criteria and FIPS provide independent validation of the security of VMware products.  These certifications are listed along with links to the official certificate or report.

Security Hardening Guides provide prescriptive guidance for customers on how to deploy VMware products in a secure manner. This guidance includes script examples and other information to help with security automation.