Contacting the security emergency response team
G+D is committed to resolving vulnerabilities to meet the needs of its customers and the broader technology community. The following describes G+D’s policy for receiving reports related to potential security vulnerabilities in its products and services, and the company’s standard practice with regard to informing customers of verified vulnerabilities.
Contact the G+D security experts team in one of the following situations:
- You have identified a potential security vulnerability with one of our products.
- You have identified a potential security vulnerability with one of our services.
Send your incident report by e-mail to email@example.com. After it is received, the appropriate personnel will contact you to follow up and will at the same time provide an S/MIME certificate to be used in further communication. To ensure confidentiality, we encourage you to encrypt any sensitive information you send to us via e-mail, although this is of course optional.
G+D attempts to acknowledge receipt of all submitted reports within seven days. From there, G+D will work with the reporting person(s) to verify and mitigate the reported security issue in a timely manner while maintaining a high level of transparency and diligence.
Receiving security information from G+D
Technical security information about our products and services is distributed through several channels.
- G+D distributes information to affected customers about security vulnerabilities via e-mail from firstname.lastname@example.org. In most cases, we will issue a notice when we have identified a practical workaround or fix for the particular security vulnerability, though there can be instances when we issue a notice in the absence of a workaround because the vulnerability has become widely known to the security community. As each security vulnerability case is different, we may take alternative actions in connection with issuing security notices. G+D may decide to accelerate or delay the release of a notice, or not to issue a notice at all. G+D does not guarantee that security notices will be issued for any or all security issues customers may consider significant, or that notices will be issued on any specific timetable.
- Security-related information can also be distributed by G+D to public newsgroups or electronic mailing lists. This is done on an ad hoc basis, depending on how G+D perceives the relevance of each notice to each particular forum.
All aspects of this process are subject to change without notice, as well as to case-by-case exceptions. No particular level of response is guaranteed for any specific issue or class of issues.
Use of the information constitutes acceptance for use in an AS IS condition. There are no express or implied warranties or assurances with regard to this information. Neither the author nor the publisher accepts any liability whatsoever for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
We accept reports of security vulnerabilities and serve as a coordinating body that works with affected vendors to resolve vulnerabilities. If you believe you have found a security vulnerability that has not been resolved, please provide us with relevant information as described above. As our vulnerability disclosure policy explains, we send information submitted in vulnerability reports to affected vendors. By default, we will share your name with vendors and publicly acknowledge you in documents we publish. If you do not want us to share your name or publicly acknowledge you, please let us know.