Responsible Disclosure Policy
The information on this page is intended for security researchers interested in reporting security vulnerabilities to the Transporeon security team. If you are a customer and have a question about security or a password or account issue, please contact us through the regular support channels.
Transporeon regularly reviews its Responsible Disclosure Policy from a legal and operational perspective.
Security is core to our values, and we value the input of security researchers acting in good faith to help us maintain a high standard for the security and privacy for our users. This includes encouraging responsible vulnerability research and disclosure. This policy sets out our definition of good faith in the context of finding and reporting vulnerabilities, as well as how we handle your report.
How to Contact Us
Our official communication channel is via the form. Please click on the "Report Vulnerability" button in the bottom right corner and report the problem. The issues are triaged by a Security Analyst before being escalated to the appropriate team.
Please, write your report in English or German and provide us with enough information to reproduce the vulnerability. Please include your contact information so we can contact you directly. If you do not wish to be contacted, that is acceptable but may impede our ability to investigate and correct the vulnerability.
When conducting vulnerability research according to this policy, we consider this research to be authorized, lawful, helpful to the overall security of the Internet, and conducted in good faith.
You are expected, as always, to comply with all applicable laws. If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through our Official Channel before going any further.
To encourage vulnerability research and to avoid any confusion between good-faith hacking and malicious attack, we ask that you:
You are not allowed to publicly discuss or publish any vulnerability before it has been fixed and you have received explicit permission from us to do so.
This policy covers all Transporeon services, products or web properties.
Please note! Most reports we receive have little or no security impact or are already known. To avoid a disappointing experience when contacting us, please take a moment and consider if the issue you want to report has a realistic attack scenario.
More specifically, we ask you to not submit issues regarding:
Actions you can expect from us:
When working with us according to this policy, you can expect us to:
Transporeon appreciates the efforts of security researchers in identifying vulnerabilities and cooperating with us to ensure the safety of our customers. We are grateful to you for doing your best to improve the security and safety of our products and the Internet community as a whole.