Kistler Group welcomes feedback from security researchers and the general public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we want to hear from you. This policy outlines steps for reporting vulnerabilities to us, what we expect, and what you can expect from us.
Systems in Scope
This policy applies to
- All products of the Kistler Group
- All internet-facing systems of the Kistler Group
- We do not consider the pure absence of a security feature a security vulnerability.
- We are not interested in findings which are commonly generated by automated scanners such as missing HTTP headers, TLS configurations, Cookie flags, Clickjacking, etc., except if you can use them to create a meaningful PoC exploit.
Out of Scope
General Out of Scope items
- Denial of Service Attacks
- Social Engineering
- Phishing
- Physical access to Kistler facilities or to facilities of Kistler partners
- Assets or other equipment not owned by parties participating in this policy
Vulnerabilities discovered or suspected in out-of-scope systems should be reported to the appropriate vendor or applicable authority.
Special Scope items
- www.kistler.com: Main website. We are only interested in critical vulnerabilities such as Remote Code Execution (RCE).