Reporting a security vulnerability

We take security and data protection at eos.uptrade very seriously and investigate all reported security vulnerabilities! Whenever you think you have identified a privacy or security issue or vulnerability related to eos.uptrade's products or services, please contact our Security Team immediately, so that we can address it as soon as possible.

The eos.uptrade Security Team can be reached at any time by email:

  • If you are a customer with an active support contract, please contact our Technical Support.
  • If you are not a customer, please report all possible and found security vulnerabilities in eos.uptrade's products to our Security Team, see "How to contact eos.uptrade?".

Thank you very much for your efforts.


How to contact eos.uptrade?

If possible, please send an encrypted email (S/MIME or OpenPGP) to security-ext@eos-uptrade.de. If you do not have the possibility to encrypt your email, please use our Contact form or send an unencrypted email alternatively.

S/MIME
Please use the following S/MIME certificate at https://www.eos-uptrade.de/public-keys/smime-key-security-ext.crt.

OpenPGP
Please use the following OpenPGP key at https://www.eos-uptrade.de/public-keys/security-ext-openpgp-public.key.


How will I as a customer be informed about security vulnerabilities?

We do not offer the option of notifying customers individually. Rather, we actively notify all affected customers via our Technical Support in the event of active security vulnerabilities. We provide security patches immediately and discuss the further procedure with you.


When should you NOT send an email to us?

Not in every case you should send us an email. In order to respond to real privacy or security issues as quickly as possible, we need to keep unnecessary work away from our Security Team. Please refrain from contacting our Security Team if...

  • ... you are a customer with an active support contract.
  • ... you need technical support for one of our products (e.g. "How do I configure new products in the cockpit of the eos.ticketingsuite?").
  • ... you read about general security issues in the press. Our Security Team is constantly aware of publicly known security vulnerabilities that could affect our products.
  • ... you have questions about non-security-related issues.

If one of these cases applies to you, please contact our Technical Support. If our Support identifies a privacy or security issue, they will take immediate action and escalate the issue to our Security Team.