Every IT-system may have bugs and weaknesses. Some of them are prone to harm integrity, privacy and availability of our services. Thus, it is of utter importance to manage these findings in a responsible way.
The following disclosure policy attends to the potentially given issue.
One of our main objectives is to stay in constructive dialogue with you to discuss, confirm and resolve the findings.
Should you encounter such issues in context to and with our websites, products or services, please feel free to inform us using the following address: firstname.lastname@example.org.
Please provide us with sufficient technical information about your finding.
- web server IP-address and name
- IP-address of exploring system
- the kind of vulnerability (i.e. code injection, RXSS, DOS, etc.)
- explanation, HTTP-Request or API-call to exploit the vulnerability
If you contact us concerning an issue we will do the following:
- We will send you a qualified feedback about the finding
- We will keep in touch with you until the issue is resolved
- We will work to resolve the issue as soon as possible and according to its servility
We ask you to respect the following:
- Inform us as soon as you encounter a finding
- Do not exploit the finding to dig deeper into our or others systems, to extract any data or to harm our or others systems or rights.
- Do not disclose you finding to the public before we resolved or disapproved it.
- Do not use physical force or social engineering nor any kind of DDOS or other measurements that potentially harm our or others rights.