Report a usd
vulnerability or bug
We make every effort to ensure the security of our websites, platforms and IT infrastructure components. Nevertheless, it may happen that you discover a weakness or bug in our systems. In this case we ask that you handle the vulnerability responsibly and report it to us for correction. For this purpose we have implemented a dedicated process below.
We aim to fix reported vulnerabilities or bugs within 60 days. If the vulnerability is found in a third-party component, we will contact the responsible parties to arrange for its remediation. The following rules apply for reporting vulnerabilities and bugs:
|We do not pay premiums for reported vulnerabilities.|
|Vulnerabilities may only be published in agreement with usd AG.|
|Do not violate applicable law and do not damage or compromise any data of usd and/or its customers or exploit any confirmed vulnerabilities.|
|In vulnerability reports, including any attachments, do not include information that could identify an individual (e.g., name, contact information)|
|To help us process vulnerability reports as quickly as possible, please ensure that you explain the steps required to reproduce the vulnerability in detail.|
Legal & Conditions
By submitting vulnerabilities and/or proposed solutions (hereinafter referred to as “feedback”) to usd AG
|you agree to avoid causing any damage to usd AG and/or its customers and therefore agree not to disclose any information until a fix and/or patch has been provided by usd; and|
|you agree that usd AG may use this feedback to update and/or improve its websites, platforms and IT infrastructure components; and|
|you grant usd AG the right to use your feedback for any purpose without restriction or compensation of any kind with respect to you and/or your representatives.|
Have you discovered a vulnerability or bug?
Please inform us according to the guidelines specified above. Please use our registration form or contact us directly at firstname.lastname@example.org. For encrypted communication via email, we can offer either S/MIME or PGP. For exchanging data via email, we need your certificate or your public PGP key.