Responsible Disclosure
The security of our systems and products is of highest priority for us. Despite all the effort we put in our services, there is still the chance of vulnerabilities, which we are not aware of. If you find a vulnerability, we would be grateful if you notify us.
Please be compliant with the following conditions:
- You can exploit the vulnerability for demonstration purpose, but this should not lead to service outages (DoS) as well as the manipulation or loss of data. The purpose of the demonstration should show the attack vector and should not cause any damage.
- Do not share gathered information with third parties.
- These areas/fields are not part of the responsible disclosure process:
- Physical security
- Social engineering
- Distributed Denial of Service (DDoS) attacks
- Spam & Phishing
- Exploiting vulnerabilities on systems which are dedicated to our customers.
Please make sure to provide enough information so that we can reproduce the issue. A brief description including a problem description and the URL/IP of the affected system should be sufficient .
What we will do:
- We will not press any legal charges caused by demonstrating the vulnerability. The prerequisite is that you comply with the conditions above.
- We will not share your data with third parties without your consent. Our correspondence will be treated as confidential.
- We will keep you updated on the resolution of the vulnerability.
Contact details
responsible.disclosure@a1.group
PGP key: C451 95B3 EB90 8ADB CDD2 982C 8F52 2AE8 1AE8 85B2