REPORT A usd
VULNERABILITY OR BUG


We make every effort to ensure the security of our websites, platforms and IT infrastructure components. Nevertheless, it may happen that you discover a weakness or bug in our systems. In this case we ask that you handle the vulnerability responsibly and report it to us for correction. For this purpose we have implemented a dedicated process below.

DISCLOSURE GUIDELINE

We aim to fix reported vulnerabilities or bugs within 60 days. If the vulnerability is found in a third-party component, we will contact the responsible parties to arrange for its remediation. The following rules apply for reporting vulnerabilities and bugs:

  • We do not pay premiums for reported vulnerabilities.
  • Vulnerabilities may only be published in agreement with usd AG.
  • Do not violate applicable law and do not damage or compromise any data of usd and/or its customers or exploit any confirmed vulnerabilities.
  • In vulnerability reports, including any attachments, do not include information that could identify an individual (e.g., name, contact information)
  • To help us process vulnerability reports as quickly as possible, please ensure that you explain the steps required to reproduce the vulnerability in detail .

LEGAL & CONDITIONS

By submitting vulnerabilities and/or proposed solutions (hereinafter referred to as “feedback”) to usd AG

  • you agree to avoid causing any damage to usd AG and/or its customers and therefore agree not to disclose any information until a fix and/or patch has been provided by usd; and
  • you agree that usd AG may use this feedback to update and/or improve its websites, platforms and IT infrastructure components; and
  • you grant usd AG the right to use your feedback for any purpose without restriction or compensation of any kind with respect to you and/or your representatives.

HAVE YOU DISCOVERED A VULNERABILITY OR BUG?

Please inform us according to the guidelines specified above. Please use our registration form or contact us directly at incident-response-team@usd.de. For encrypted communication via email, we can offer either S/MIME or PGP. For exchanging data via email, we need your public certificate.