Security Information

PSIRT – Product Security Incident Response Team

The Softing PSIRT is a central team at Softing tasked with managing the investigation and disclosure of security vulnerabilities. All reports about possible vulnerabilities or other security incidents in connection with Softing products can be forwarded to the Softing PSIRT. The Softing PSIRT coordinates and maintains communication with everyone involved, both internally and externally, so that it can provide an appropriate response to any security problems that are identified.

Why should you report vulnerabilities?

Disclosing vulnerabilities enables us to fix these vulnerabilities and inform customers using the products in question about the fix. This approach can help us to keep making our products more secure and above all support Softing customers in managing security risks.

If you think you have uncovered a security vulnerability in a Softing product, please report it by email to .

Please include the following information with your report:

  • Contact information and availability
  • Affected product including model and version number
  • Classification of the vulnerability (buffer overflow, XSS, …)
  • Detailed description of the vulnerability (with verification if possible)
  • Effect of the vulnerability (if know)
  • Current level of awareness of the vulnerability (are there plans to disclose it or is there disclosure policy in place?)
  • (Company) affiliation of the reporter/finder (if reporter/finder is prepared to provide such information)
  • CVSS score (if known)

What will happen to your report?

The Softing PSIRT process is based on the FIRST framework and follows its four steps:
Discovery, Triage, Remediation, Disclosure.

Softing will ensure that the information is sent to a select group of designated Softing employees with experience in dealing with incidents of this type: the Softing Product Security Incident Response Team (PSIRT). Neither unauthorized employees nor external users will have access to the information you send.

In addition, Softing will ensure that the identity and contact details of the security expert are kept confidential and not published in any public statements (advisories and bulletins) unless explicitly requested by the security expert. The Softing PSIRT will investigate the reported vulnerability and contact you as soon as possible.

Stay up to date

The Softing PSIRT investigates all reports of security problems and publishes security advisories about validated security vulnerabilities that affect Softing products directly and require either a software update, software upgrade or another action by the customer. As part of ongoing efforts to support operators in addressing security risks and in ensuring the protected operation of systems, the Softing PSIRT publishes information that operators need to evaluate the ramifications of a security vulnerability.

Stay up to date with our security advisories

We publish information about vulnerabilities in Softing products and new or updated security advisories on our web pages.

Contact Softing PSIRT

Softing PSIRT public keys

Click here to download our PGP key

Fingerprint: 220C 4E9E 9A71 17BB C8E1 F863 0D5C 307C CACE DEDC

Languages: German or English
Transmission: preferably encrypted

 

Industrial

Security Information

x

Softing

Richard-Reitzner-Allee 6
D-85540 Haar

Parking
List of Hotels

+49 89 4 56 56-0

+49 89 4 56 56-399

«