Reporting of weak points and security gaps in connection with SIEGENIA products and services.
The "Product Security Incident Response Team" of SIEGENIA, or in brief SIEGENIA PSIRT, offers customers, partners, testers and security experts a central contact point and a consistent process for reporting security gaps identified in SIEGENIA products and services. The focus of the work of the team is on the communication with persons affected, both internal and external.
Reports about potential weak points or other incidents are explicitly welcome from anyone – regardless of possible customer status.
How do I report a security gap?
Have you noticed a potential weak point or a security gap in connection with a SIEGENIA product or have you detected a data protection problem? Please proceed as shown below.
Include as much information as possible in your report so that we can deal with it swiftly. For product weak points, add the following information:
- Name of the reporter: we will respect your interests if you wish to remain anonymous.
- Contact details: email address and phone number where we can reach you.
- Product affected, including model and firmware version (if known)
- Detailed description of the weak point (if possible with evidence)
- Effect of the weak point (if known)
- Current degree of knowledge about the weak point (are there any concrete announcement plans?)
Please send your report to psirt@siegenia.com
What can you expect if you report a weak point?
- You will receive a response from the PSIRT team within 14 days. In this phase the receipt of your report will be confirmed and the reported weak point passed on to the responsible product and application team at SIEGENIA for processing.
- You will also be notified as soon as the problem has been confirmed as a security gap and a remedial action plan will be created. Effects, degree of severity and complexity will be taken into account for the prioritisation of the remedial measures.
- Our team will ensure that information about the weak point is only exchanged between the relevant processors throughout the entire weak-point rectification process. You will be requested to treat the information confidentially until a solution is found for our customers.
- The maintenance of the communication between all parties involved, both internal and external, is an integral part of the PSIRT process of SIEGENIA. The entire sequence of actions up to the rectification of the reported weak point will be accompanied by regular status updates to you.
- We will not initiate any civil proceedings or submit a complaint to the law enforcement authorities as long as the disclosure is undertaken responsibly.