Schuberg Philis
External Program
Submit bugs directly to this organization
Schuberg Philis
External Program
Submit bugs directly to this organization
We are dedicated to providing a secure environment for our customers, our visitors and ourselves. Therefore, we appreciate it if you notify us of any security issues you may encounter. Since we launched our responsible disclosure policy in 2012, we have learned that not all reported issues are useful. In order to help you, we wrote a post on Cupfighter.net about common mistakes and red herrings when reporting security issues to us.
While we value that you give us a chance to fix a problem, we kindly request the following:
We understand that you may want to get credit for your finding, but we also understand that you may explicitly not. Your anonymity is guaranteed and by default, unless you explicitly request otherwise. Given the nature of our business and the contracts with our customers we may not always be in a position to make the full details of your vulnerability public. We promise that, if you want credit, your name or alias will always accompany the details of vulnerability as we distribute them. In case we cannot make the details of the vulnerability public, we can, if desired, publish an article on cupfighter.net where we acknowledge your valuable input. Unless you object we will include a general description of your vulnerability and your name, handle or the phrase ‘an anonymous researcher‘ in our hall of fame page.
We appreciate your findings and in exchange we offer any one of the following:
We prefer contact by encrypted e-mail. Please use our PGP public key : 0F9C20A0 (see below) Please do not send sensitive data over unencrypted/public media, like Twitter of Facebook. Our e-mail address: [email protected]