
7. Reporting product vulnerabilities – responsible disclosure policy


Security is a top priority for us at idgard. We value the cooperation of security researchers and others who responsibly report vulnerabilities. This policy describes how you can report vulnerabilities and how we handle them.

1. Private disclosure model

We ask that you only report discovered vulnerabilities to us confidentially and do not make any details public. This gives us the opportunity to review and fix the vulnerability, ensuring our customers are not exposed to an increased security risk.

2. How to report a vulnerability

Please send your report by e-mail to

security(at)idgard.de

You are welcome to encrypt your message. To do this, first send us a signed message that includes your personal contact details; we will reply with a signed e-mail, after which you can encrypt your further correspondence with us.

Alternatively, you can contact us directly via our contact form by providing valid and personal contact information and specifying ‘Reporting a Security Vulnerability’.

3. What we need from you

So that we can contact you directly, please include a personal salutation together with your contact details.
Please provide as many details as possible about the vulnerability, for example:

  • Product, version and affected components
  • Description of the vulnerability and its impact
  • Step-by-step instructions for reproduction
  • Proof-of-concept or sample code/scripts, if applicable

4. How we handle your report

  • Confirmation of receipt: We will confirm receipt of your report within a maximum of 3 working days.
  • Communication: We will keep you regularly informed by e-mail about the status of processing.
  • Analysis & resolution: We carefully examine the vulnerability and aim to resolve it within 90 days of receiving the report.
  • Publication: Once the vulnerability has been successfully resolved, or once the 90-day period has elapsed, we will consult with you about a possible publication of the vulnerability.
  • Recognition: If you wish, we will be happy to name you as the finder of the vulnerability in our security notifications.

5. What we expect from you

  • No publication or disclosure of vulnerability details without our explicit consent.
  • No exploitation of the vulnerability beyond what is necessary for demonstration.
  • No impairment of systems, data or users.

6. Legal notice

We will not pursue legal action against anyone who complies with this policy and reports vulnerabilities responsibly.

Thank you for your support in making our products more secure!