To ensure responsible disclosure, we ask individuals to adhere to the following requirements when reporting security vulnerabilities:
Security
At PSB, the security of our customers, products, and employees is our top priority. We value your support in identifying vulnerabilities on our website, products (software & hardware), services, or web applications. This responsible disclosure policy helps us ensure that security vulnerabilities are reported and resolved both promptly and responsibly.
Upon receiving reports of security vulnerabilities in accordance with this policy, we will take immediate action. This includes involving relevant staff within our organization and collaborating with security researchers to resolve the issue effectively. We are committed to addressing all reported security vulnerabilities in line with our security and privacy obligations.
We assure you that we will not take legal action against individuals who responsibly disclose security vulnerabilities under this policy. However, in the event of a violation of this policy, we reserve all rights.
We appreciate disclosure efforts; however, we do not provide financial compensation for reported vulnerabilities. Requests for remuneration or participation in bug bounty programs are not considered compliant with this responsible disclosure policy.
Guidelines for Responsible Reporting
01
Refrain from disclosing the bug or vulnerability on public platforms before notifying PSB, and allow adequate time for resolution.
02
Avoid exploiting vulnerabilities to access unauthorized data or compromise confidentiality and availability.
03
Do not engage in activities that may affect the reliability or availability of our services, such as DDoS or spam attacks.
04
Avoid using scanners or automated tools to discover vulnerabilities, as they may have unintended consequences.
05
Refrain from non-technical attacks, including social engineering, phishing, or physical attacks on our employees or infrastructure.
06
Do not request compensation for vulnerabilities, either directly or indirectly.
What to Include in the Report?
When reporting security vulnerabilities, please provide the following details:
- Description of the suspected vulnerability
- Steps to reproduce the issue
- Your email address and a secure method of contact
- Your name (or that of a colleague) for recognition, if desired
How to Report an Issue
You can report vulnerabilities to us at security@psb-engineering.de. If your email contains sensitive information, please use the OpenPGP key:
