If you believe you have discovered a vulnerability in one of our workstations or services, then please come by one of our offices to report it or drop us an email at irb+security(at)upb(dot)de. You may encrypt these emails with the GPG Key 0x1BDE5F6203DF5C97.
We take your reports seriously and will do our best to fix any problems in a timely manner.
We ask that you
- give us reasonable time to investigate and mitigate an issue you report before making any information about it public.
- make a good faith effort to avoid privacy violation and disruptions to others.
- do not exploit a security issue you discover for any reason. This could impact other user's privacy or cause service disruptions.
- do not violate any other applicable laws or regulations.
We will investigate all reports you submit and will provide you with feeback regarding their resolution. If possible, we will also offer you the opportunity to further examine the practical impact of these issues in co-operation with our team in a controlled environment, as long as this does not impact the availability and integrity of our other systems.