Report a usd
vulnerability or bug
We make every effort to ensure the security of our websites, platforms and IT infrastructure components. Nevertheless, it may happen that you discover a weakness or bug in our systems. In this case we ask that you handle the vulnerability responsibly and report it to us for correction. For this purpose we have implemented a dedicated process below.
We aim to fix reported vulnerabilities or bugs within 60 days. If the vulnerability is found in a third-party component, we will contact the responsible parties to arrange for its remediation. The following rules apply for reporting vulnerabilities and bugs:
We do not pay premiums for reported vulnerabilities.
Vulnerabilities may only be published in agreement with usd AG.
Do not violate applicable law and do not damage or compromise any data of usd and/or its customers or exploit any confirmed vulnerabilities.
In vulnerability reports, including any attachments, do not include information that could identify an individual (e.g., name, contact information)
To help us process vulnerability reports as quickly as possible, please ensure that you explain the steps required to reproduce the vulnerability in detail.
Legal & Conditions
By submitting vulnerabilities and/or proposed solutions (hereinafter referred to as “feedback”) to usd AG
you agree to avoid causing any damage to usd AG and/or its customers and therefore agree not to disclose any information until a fix and/or patch has been provided by usd; and
you agree that usd AG may use this feedback to update and/or improve its websites, platforms and IT infrastructure components; and
you grant usd AG the right to use your feedback for any purpose without restriction or compensation of any kind with respect to you and/or your representatives.
Have you discovered a vulnerability or bug?
Please inform us according to the guidelines specified above. Please use our registration form or contact us directly at firstname.lastname@example.org. For encrypted communication via email, we can offer either S/MIME or PGP. For exchanging data via email, we need your certificate or your public PGP key.