Skip to content

Latest commit

 

History

History
46 lines (26 loc) · 2.17 KB

SECURITY.md

File metadata and controls

46 lines (26 loc) · 2.17 KB

Security policy

Did you find a security-related issue in one of our products? We'd like to guideline you through the process from the first contact till the public announcement of a security fix.

Thank you for taking time reading the following information carefully. Your contribution is highly welcome!

Scope

This security policy is related to i-doit incl. all its sub-projects and public systems.

Supported versions

Please ensure that your findings affect the latest stable release of our software application. If you find any security issues in an older version of our software application please make sure it has not been already fixed in the current version.

About us

i-doit is maintained by the synetics GmbH, located in Düsseldorf/Germany. You can contact us in both English and German.

What are security-related issues?

These are examples for security-related issues:

  • Vulnerability in one of our public systems, e.g. our websites
  • Vulnerability in one of our software applications, e.g. i-doit
  • Disclosure of private information, e.g. user data and secrets

These issues affect the availability, confidentiality and/or integrity of our systems, software applications and the data we must protect.

Responsible disclosure

We encourage you to follow the principles of a responsible disclosure. In short, we kindly ask you to:

  • Inform us immediately after you found an issue
  • Do not publish your findings without our confirmation
  • Give us at least 4 weeks to fix the issue if your findings are confirmed as security-related
  • Publish your findings after we publicly announce security fixes

Common Vulnerabilities and Exposures (CVE)

A CVE is very much appreciated.

Contact us

Contact us directly via e-mail: security@i-doit.com

We highly recommend to sign and encrypt your e-mail with GPG/OpenPGP. Our public key is available on keys.openpgp.org and can be downloaded from i-doit.cloud/security_key.asc.