- Responsible disclosure of security gaps (Responsible Disclosure)
Responsible disclosure of security gaps
Quality, reliability, security - three essential values from which trust grows. For this reason, ifm bases every action on these three values. This also applies to its information and communication services. And even if we cannot rule out security gaps 100 percent, we do everything we can to get close to the ideal state.
This is why we encourage IT and data security experts and others who discover security gaps in our products and offers to contact us and work with us to actively prevent damaging, illegal exploitation of these vulnerabilities.
How to report a vulnerability to us
Any person, institution or organisation that discovers a security gap in our offers or products can contact ifm's IT security experts confidentially and unbureaucratically via the following contact form. We will then work with you to remedy the vulnerability you have discovered, providing increased security for future users of the affected offer or product.
If you have discovered a vulnerability, we ask you not to publish it, but to contact us immediately and exclusively, so that we can work together purposefully and in a coordinated manner to disclose the security gap in a responsible manner.
We guarantee to respond to your message and get in touch with you within 2 working days in case of relevant vulnerabilities. Upon request, you will be mentioned with thanks for your commitment to the security of our company and our customers after the vulnerability has been successfully remedied.
Please provide as much information as possible in your message in German or English:
- Your contact details and availability
- Affected product or offer
- Detailed description of the vulnerability (if possible with an evidence)
- Impact of the vulnerability (if known)