Responsible Disclosure

We are dedicated to providing a secure environment for our customers, our visitors and ourselves. Therefore, we appreciate it if you notify us of any security issues you may encounter. Since we launched our responsible disclosure policy in 2012, we have learned that not all reported issues are useful. In order to help you, we wrote a post on Medium about common mistakes and red herrings when reporting security issues to us.

Rules of Engagement
While we value that you give us a chance to fix a problem, we kindly request the following:

  • do not abuse your finding. We really want to fix it!
  • do not share your finding with other parties.
  • we will assess and respond within a reasonable time frame. (we really, really want to fix things).

Anonymity or credits and publication

We understand that you may want to get credit for your finding, but we also understand that you may explicitly not. Your anonymity is guaranteed by default, unless you explicitly request otherwise.
Given the nature of our business and the contracts with our customers, we may not always be in a position to make the full details of your vulnerability public. We promise that, if you want credit, your name or alias will always accompany the details of the vulnerability as we distribute them. In case we cannot make the details of the vulnerability public, we can, if desired, publish an article on Medium where we acknowledge your valuable input.
Unless you object, we will include a general description of your vulnerability and your name, handle or the phrase ‘an anonymous researcher’ in our hall of fame page.

Bounty
We appreciate your findings and in exchange we offer any one of the following:

  • a gift card valid on thinkgeek.com (50$) or getdigital.eu (50€)
  • a donation to Room To Read
  • a bottle of Champagne (you have to collect it. We have had very bad experiences with shipping it …)

Contact
We prefer contact by encrypted e-mail.
Please use our PGP public key, which is publicly signed on https://keybase.io/schubergphilis

Please do not send sensitive data over unencrypted/public media, like Twitter or Facebook.
Our e-mail address: abuse@schubergphilis.com
