Responsible Disclosure

- or how we intend to handle reports of vulnerabilities.

The security of the Schluss systems has the highest priority. This is why we invite everyone to help us with that.

If you discover a problem in one of our systems, please do let us know as soon as possible. We will then be able to take appropriate actions immediately. Schluss will act respond to alerts in accordance with the following rules. When alerting us, you in turn also agree to these rules.

We encourage the open source community to join us in developing this platform even further.

We ask:

  1. E-mail your findings to info@schluss.org. If possible encrypt the message and send it over a secure connection to prevent the information from falling into the wrong hands.
  2. Provide sufficient information for us to be able to reproduce the problem, so we can fix it as quickly as possible. Usually the IP address or URL of the affected system and a description of the problem is enough, but with more complex vulnerabilities more information may be required.
  3. Provide you contact detail (e-mail address or telephone number) so we can get in touch with you to work together on resolving the issue.
  4. Inform us as quickly as possible after discovering the problem.

What we do after your report:

  1. We treat your report confidential and do not share your personal information with third parties without your permission, unless we are obliged to do so by law or court order.
  2. In principle, you remain anonymous. But if you wish, we can put your name as the discoverer of the reported weaknesses. We do that after mutual consultation.
  3. We will respond within 3 business days of notification with an initial assessment, and, possibly, with an expected date for a solution.
  4. We will solve reported weakness as soon as possible. We try as much as possible to keep abreast of progress and normally will solve this within 90 days.
  5. By our mutual consent we determine if and how we will publish the weakness after this has been dissolved.
  6. Your reward. We work as a community, in which you contribute to improve Schluss. With this you contribute to a better internet.

Trying to break it is very welcome as long as you also fix the code. Furthermore don’t be evil