At WUCSS, we take security vulnerabilities seriously and appreciate your help in responsibly disclosing any potential issues. To report a security vulnerability, please follow these steps:
- Step 1: Reach out to us by sending an email to Simon Gross. Please include the phrase "WUCSS REPO SECURITY VULNERABILITY" in the subject line.
- Step 2: Provide detailed information about the vulnerability, including:
  - A clear description of the vulnerability and its potential impact.
  - Steps to reproduce the vulnerability.
  - Any additional information or tools required for reproduction.
  - Your name and contact information.
- Step 3: Once the vulnerability is confirmed and mitigated, we will release the necessary fixes and updates.
If you find critical vulnerabilities such as SQL Injection, Remote Code Execution or Exposed Credentials and can provide a proof of concept, the Roche Vulnerability Management Team may also invite you to Roche's private HackerOne bug bounty programme and reward you for your findings.
- We kindly request that you do not exploit any potential vulnerabilities you discover.
- We commit to keeping you informed about the progress of resolving any reported vulnerabilities and to providing credit (if desired) for your responsible disclosure.
This security policy applies to all versions of our software and services.
Your assistance in finding and responsibly reporting vulnerabilities is invaluable. We appreciate your efforts to help us maintain the security and integrity of our project. If you have any suggestions or further questions regarding our security practices, please contact us.