Security Policy
Please disclose vulnerabilities responsibly by email. In turn, there will be no legal action against you.
Coordinated Disclosure Policy
If you discover a security vulnerability in a product, project, or web presence maintained by Weichwerke Heidrich Software or Simon Heidrich, please follow these guidelines:
- Report the security vulnerability as described below.
- Include enough information to reproduce the issue. The more detailed the description, the faster the problem can be resolved.
- Include a contact method for potential follow-up questions.
Additionally, you are strongly implored to:
- Not disclose the vulnerability to anyone else.
- Not exploit the vulnerability beyond what is necessary for a proof of concept.
- Not publish tools or instructions for exploiting the vulnerability without prior discussion with Simon Heidrich.
As long as you adhere to these guidelines, the following is guaranteed in return:
- Weichwerke Heidrich Software or Simon Heidrich will not take any legal action against you in connection with the security vulnerability.
- The security vulnerability will be evaluated within 14 calendar days, and a deadline for a resolution will be set. You will be kept informed of developments.
- Upon request, you will be publicly acknowledged as the discoverer of the security vulnerability.
Security Vulnerability Reporting
Please adhere to the Coordinated Disclosure Policy.
Send all security-related information via email to info@wwh-soft.com.
You are encouraged, though not required, to encrypt this email using OpenPGP to ensure the confidentiality of the information. An introduction to OpenPGP can be found in the BOMnipotent documentation. You can find the public key here for direct download.