Introduction
At tenckhoff.de, we place great importance on the security of our website and systems. This policy outlines how security researchers can report potential vulnerabilities and the procedures we follow to collaborate with them.
Contact
If you have discovered a vulnerability, please contact us through the following channels:
- Email: security@tenckhoff.de
- PGP key for encrypted communication: https://tenckhoff.de/pgp-key.txt
Guidelines for Security Researchers
To ensure your security research is ethical and legal, please adhere to the following guidelines:
- Do no harm:
Avoid conducting tests that could disrupt the operation of our systems. - No data exfiltration:
Do not access data that does not belong to you. Work with minimal data wherever possible. - Responsible reporting:
Report vulnerabilities confidentially and allow us sufficient time to fix them before making any information public. - Scope of testing:
Only test systems and domains hosted under tenckhoff.de. Third-party systems are explicitly excluded.
What We Need From You
When reporting a vulnerability, please provide the following information:
- A detailed description of the vulnerability.
- Step-by-step instructions to reproduce the issue.
- (If possible) Proof of Concept (PoC) or screenshots.
- Your preferred contact information for follow-up questions.
Our Process
Upon receiving your report, we will take the following steps:
- Acknowledgment of receipt:
We will confirm receipt of your report. - Analysis:
Our security experts will analyze the vulnerability and assess its severity. - Remediation:
We will work to resolve the issue. - Feedback:
Once resolved, we will share our findings and actions taken with you.
Rewards (Bug Bounty)
We appreciate your help in improving our security. As a token of our appreciation, we offer the opportunity to license one image from our photo archive in JPEG format and full resolution free of charge. You can find the licensing terms here: https://tenckhoff.de/lizenzbedingungen.
Please note that the awarding of a reward is solely at our discretion.
Legal Disclaimer
We assure you that we will not pursue legal action against security researchers who adhere to our guidelines. However, please note that illegal activities or the exploitation of vulnerabilities may result in legal consequences.
Changes to This Policy
We reserve the right to amend this policy at any time. Please review this page regularly to stay updated.
Thank You!
We thank you for your support in securing our systems and look forward to a trustworthy collaboration.
- 16 views
0009-0008-1422-7931