Vulnerability Disclosure


SCHUTZWERK publishes vulnerabilities as part of a Responsible Disclosure process. This gives manufacturers the opportunity to close the vulnerability. In addition, customers and users of the affected product can find out about possible threats in a timely manner.

Responsible Disclosure Policy

  • A publication of the vulnerability as part of a responsible disclosure process is intended
  • The vulnerability will be published 90 days after initial communication to the vendor
  • After submission of the vulnerability, an initial response is expected within 10 days
  • It is expected that the vendor sends regular status updates to SCHUTZWERK
  • If a patch is released, the advisory will be published immediately, or no later than 30 days (after discussion with the vendor)
  • In justified cases, an alternative publication schedule which differs from the standard disclosure process can be mutually agreed on

Public PGP Key

We use PGP for all advisory related communication and to sign our advisories.

You can find our public PGP key here: Download PGP Key

Published Advisories

Here you can find our already published vulnerabilities: Advisories

Free Consultation