Vulnerability Disclosure Policy

This policy is for security researchers and any individual who believes to be aware of a security issue within easyVerein



We value your contribution!


No technology and no human is perfect and we believe that working with security experts is crucial in identifying security issues and weaknesses in software and services. If you believe you've found a security issue in easyVerein or its close-coupled components and services, we would like to encourage you to notify us immediately!

We welcome working with you to resolve the issue promptly to ensure the highest security level for anyone involved.

For the purpose of intended security researches we run a dedicated easyVerein instance on the following domain. We ask you to refrain from using our live system for research purposes and use our testing environment "Morris" instead. Morris has no access to any productive data but there are various test accounts (e.g. accounts for Alice and Bob) preconfigured.

Access the instance: https://morris.sd-server.de


Disclosure Policy

When you search for or found security issues please follow the following guidelines to ensure a fast resolution

  • Let us know as soon as possible upon discovery of a potential security issue or major weakness, and we'll make every effort to quickly resolve the issue.
  • Send us a detailed report that contains steps to reproduce or a proof of concept and the possible / estimated impact.
  • Provide us a reasonable amount of time to resolve the reported issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
  • Only interact with accounts you own or with explicit permission of the account holder.

    • On our test environment "Morris" you may also interact with Alice and Bobs account


Scope of this policy

While researching, we to ask you to refrain from the following methods or targets

  • Denial of service (DDOS) attacks against live services
  • Spamming or Phishing users or employees
  • Using automated testing tools
  • Social engineering of our staff or contractors
  • Any physical attempts against properties or data centers
  • External services, integrations or functionality that includes any third-party



Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.


Thank you for helping us keep our users safe!




Please use the following form to submit your findings to us


Your email address:



Please describe your finding:

Secure upload file:

Please enter the verification code below, wich we have send to your email, to verify the authenticity of the email




Jetzt die Vereinssoftware kostenlos testen!


Vereinssoftware mit Serverstandort Deutschland

easyVerein® - eure Vereinssoftware

easyVerein ist eine Cloud-Software für Vereine, Verbände und Organisationen. Ihr und eure Mitglieder könnt jederzeit von überall auf eure Daten zugreifen und gemeinsam arbeiten. Macht euch die Vereinsverwaltung einfach: Mit easyVerein!

Software made in Germany - Bundesverband IT-Mittelstand e.V.

Links

Impressum

Datenschutzerklärung

Kündigung einreichen

Nutzungsbedingungen

Vulnerability Disclosure Policy

Vergleichssieger bei Vergleich.org

Kontakt

Support & Vertrieb

Handbuch & Hilfe

Systemstatus

Für Hilfsorganisationen






               



© 2024 - easyVerein® ist eine Marke der SD Software-Design GmbH