Basic guidelines for vulnerability reporting
For us to be able to identify, investigate and resolve issues as efficiently and quickly as possible, please follow these guidelines when reporting issues:
- Work together with us! Errors can occur anywhere, therefore, we expect fair interaction
- Describe the vulnerabilities/incidents as precisely as possible. Include screenshots, proof of concept scripts or step-by-step instructions, if applicable
- Do not exploit discovered security vulnerabilities and do not cause any damage
- Comply with the legal requirements applicable in Switzerland and in your country of domicile
- Do not publish any vulnerabilities you discover in other places/channels (e.g. social media).
- Give us at least 90 days to review your report and address any vulnerabilities (in most cases only takes a few hours or days).
Furthermore, please note that simple suggestions for improvements or notices about the lack of certain features are not suitable for our Bug Bounty program.