At Securepoint, we place the highest importance on the security of our systems and that of our customers. We recognize that independent security experts play a valuable role in identifying vulnerabilities. This policy outlines the process and conditions for the responsible disclosure of vulnerabilities
- Confidentiality: Keep all information about discovered vulnerabilities confidential until we have provided a solution.
- Vulnerability Details: Provide a clear and detailed description of the vulnerability, including the necessary steps to reproduce the issue.
- No Exploitation: Do not exploit the discovered vulnerability to gain unauthorized access to systems or data.
- No Harm: Avoid actions that could lead to interruptions or damage to our services or systems.
- Timely Feedback: We acknowledge receipt of your report within 5 business days and keep you informed about the progress of our investigation.
- Recognition: After successful validation and remediation of the vulnerability, we offer public acknowledgment of your contribution, if desired.
- No Legal Action: We will not take legal action against security experts who responsibly disclose vulnerabilities in accordance with this policy.
Please send all information regarding a vulnerability to our security team at security@securepoint.de. Include the following information if possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Possible mitigation suggestions
The personal data submitted as part of a vulnerability report will be used solely for the purpose of investigating and resolving the vulnerability and is subject to data protection regulations in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
The security of our systems and data is our top priority. We appreciate your support and cooperation in improving the security of Securepoint. If you have any questions about this policy, please contact our security team.
This policy is based on best practices and serves to protect both security experts and our systems and customers. We thank you for your cooperation and commitment to a secure digital world.