In order to be able to handle security-critical incidents quickly and effectively, DRACOON has set up the e-mail address security@dracoon.com. Incidents reported to this address are automatically forwarded to DRACOON's CERT team, which evaluates and prioritizes them based on their impact on information security.
All customers are therefore required to immediately send critical security incidents to the e-mail address security@dracoon.com. The information transmitted is subject to confidentiality.
DRACOON sees itself as a provider of security solutions and therefore attaches great importance to secure software development (SSDL) and corresponding quality assurance in its own processes and structures. However, even with the greatest of efforts, we cannot prevent vulnerabilities from occurring in our services. Therefore, in addition to regular penetration tests, we also run a private bug bounty program on YesWeHack that interested security researchers can sign up for.
If you find a vulnerability, you can report it either through the program or directly to security@dracoon.com. Our PGP key can be found here. Our security team will analyze the report and fix the vulnerability. We encourage anyone who finds a vulnerability to report it responsibly. The information provided will be kept confidential.
Actions under this Responsible Disclosure Policy should be limited to performing testing to identify potential vulnerabilities and sharing that information with DRACOON. If you wish to publish information about the vulnerability after it has been fixed, please notify us at least one month before publication and give us the opportunity to comment. DRACOON may not be named in any publication without our express consent.
We ask you to respect the following guidelines:
© 2023 DRACOON GmbH
Made in Germany
Phone. +49 (941) 7 83 85-0
