Security Policy

Please disclose vulnerabilities responsibly by email. In return, no legal action will be taken against you.

    Coordinated Disclosure Policy

    If you discover a security vulnerability in a product, project, or web presence maintained by Weichwerke Heidrich Software or Simon Heidrich, please follow these guidelines:

    • Report the security vulnerability as described below.
    • Include enough information to reproduce the issue. The more detailed the description, the faster the problem can be resolved.
    • Include a contact method for potential follow-up questions.

    Additionally, you are strongly urged to:

    • Not disclose the vulnerability to anyone else.
    • Not exploit the vulnerability beyond what is necessary for a proof of concept.
    • Not publish tools or instructions for exploiting the vulnerability without prior discussion with Simon Heidrich.

    As long as you adhere to these guidelines, the following is guaranteed in return:

    • Weichwerke Heidrich Software or Simon Heidrich will not take any legal action against you in connection with the security vulnerability.
    • The security vulnerability will be evaluated within 14 calendar days, and a deadline for a resolution will be set. You will be kept informed of developments.
    • Upon request, you will be publicly acknowledged as the discoverer of the security vulnerability.

    Security Vulnerability Reporting

    Please adhere to the Coordinated Disclosure Policy.

    Send all security-related information via email to info@wwh-soft.com.

    You are encouraged, though not required, to encrypt this email using OpenPGP to ensure the confidentiality of the information. An introduction to OpenPGP can be found in the BOMnipotent documentation. You can find the public key here for direct download.

    Hall of Fame

    Name | Reference | Vulnerability | Date

    Weichwerke Heidrich Software extends their gratitude to everyone who has disclosed vulnerabilities to them, including those who prefer to remain anonymous.