PSIRT
We welcome reports from customers, partners, security researchers, and independent assessors who have identified a potential vulnerability in one of our products. Every report helps us further improve the security of our products.
To protect our customers, we kindly ask you to report any discovered vulnerabilities confidentially to our PSIRT first and refrain from publicly disclosing them until an appropriate remediation has been implemented or a Security Advisory has been published in coordination with all relevant parties.
Report a Security Vulnerability
When submitting a report, please include the following information whenever possible:
- Your name / company
- Your contact details (email address / phone number)
- Affected system / product line
- Firmware / software version
- Type of vulnerability and a brief description of how it can be exploited
- Whether the vulnerability has already been disclosed or published elsewhere
Process Overview: What Happens to Your Report?
All incoming reports are accessible only to a limited group of authorized and qualified members of the PSIRT. Neither unauthorized employees nor external third parties have access to the submitted information. The identity and contact details of the reporting party are treated as confidential and will not be disclosed without their explicit consent.
The Process in Four Steps:
Acknowledgement of Receipt
You will typically receive an acknowledgement confirming receipt of your report within XXX business days.
Analysis & Assessment
Our PSIRT reviews the reported vulnerability and assesses its severity, typically using the Common Vulnerability Scoring System (CVSS). Depending on the complexity of the issue, the assessment may take anywhere from a few days to several weeks. You will receive a status update no later than XXX business days after submitting your report.
Remediation & Mitigation
For confirmed vulnerabilities, we develop appropriate remediation measures, such as patches, updates, or workarounds. If a vulnerability has a significant impact on customers, we will publish a Security Advisory. Throughout the process, we will keep you informed about the progress.
Publication
The final Security Advisory, together with any associated updates, will be published on this page and made available to all customers. Upon request, we are pleased to acknowledge the reporting party in the Security Advisory (credit).
