ivocotec Logo

Report a security problem (Vulnerability Disclosure Policy – VDP)

We respect and welcome the work of security researchers and white hat hackers and we expressly ask to report any security problems found on ivocopro.de or ivocotec.de to security@ivocotec.de.

If you comply with the conditions below we will NOT regard your actions as „unlawful“ in the sense of par. 202a and 303a StGB (German penal code). In this case, we will abstain from prosecution requests under criminal and/or civil law and will confirm that in case of demands by third parties.

The following conditions apply:

You inform us first about the problem and do not pass your knowledge to third parties. You give us enough time to respond to security problems before publishing them.

You only test our application and our systems remotely over the internet. Any attempt of gaining physical access to devices of ivocoTec, our partners or customers is not covered by this policy.

You have made every effort not to damage our systems nor to read, delete or manipulate any foreign data. In particular, you do not conduct any Denial-of-Service attacks and you only use your own test accounts (if you have any). Should you in the course of your research by mistake find any foreign sensitive data, please inform us immediately, do not save the data anywhere and delete any existing copies.

Of course, you will not try to extort us or our customers. We will not negotiate under duress. If you find something please inform us. Afterward, we might consider a bounty and its height.

Currently, we do not conduct a public Bug Bounty Program. However, if there is a (private) Bug Bounty Program, a Hacker Challenge or something similar at the time of an issue being reported we will treat (and reward if applicable) any reported problems under the same conditions – whether they are reported within the program‘s framework or directly to us.