Responsibility

At riskine, we take the security of our products, services and customers very seriously. We are certified in accordance with ISO/IEC 27001, the world's best-known standard for information security management systems (ISMS), and fully comply with the standard. The certificate is available for download here.
We are aware that the discovery, responsible reporting and handling of known security vulnerabilities play an essential role in improving security. If you notice a vulnerability, please report it via our dedicated e-mail address: infosec#riskine.com.

What should a report contain?

  • Description: Please give us a clear and comprehensible description of the vulnerability you have found.
  • Reproduction steps/proof-of-concept: Include a step-by-step guide on how to reproduce the vulnerability.
  • Affected versions: Please inform us about the affected URL or software version.
  • Impact: Describe the potential impact of the vulnerability (from your perspective).
  • Contact details: Please tell us how we can contact you if we have any questions.

What’s next?

  1. Initial assessment: Our security team will review your submission and provide prompt feedback.
  2. Investigation & rectification: We will investigate the security vulnerability and take the necessary measures to rectify it.
  3. Conclusion: We will keep you informed about the progress of the investigation and the rectification of the vulnerability. We will inform you once the process has been completed and the problems have been resolved.

Responsible Disclosure

The security of our products and the secure processing of customer data are very important to us. Your responsible reporting of security vulnerabilities makes a significant contribution to achieving this goal. Thank you for your commitment and support.

We ask you to keep the vulnerability confidential and give us sufficient time to resolve it before any information is made public.

We are committed to responding to your report and fixing the vulnerability within a reasonable timeframe.

Recognition & Acknowledgements

We recognize the valuable contribution of security researchers and users who bring security vulnerabilities to our attention. Upon request and after consultation, we will mention names in our acknowledgements or provide official recognition. Please note that we do not offer financial compensation or rewards for reporting security vulnerabilities.

Legal Notice

The above information serves as a guide for responsible vulnerability reporting and does not constitute a legal agreement. We explicitly point out that this policy does not give permission or authority to hack, test or otherwise tamper with our systems. We reserve the right to take appropriate measures to protect our rights, networks and information systems.