Reporting vulnerabilities and security gaps related to ekey products and services

ekey’s Product Security Incident Response Team (or “ekey PSIRT” for short) offers customers, partners, testers, and security experts a central point of contact and a consistent process for reporting security vulnerabilities identified in ekey products and services. . The focus of the team’s work is communication with all those affected, both internally and externally.

Reports on potential vulnerabilities or other incidents are expressly welcome from everyone – regardless of customer status.

Have you noticed a potential vulnerability or security incident in connection with an ekey website or an ekey product, or have you discovered a data protection problem? Please proceed as follows.

Include as much information as possible in a report so we can process it quickly. For website or product vulnerabilities, add the following information:

• Contact information
• Affected product including model and firmware version (if known)
• URL address for vulnerabilities on websites
• Detailed description of the vulnerability (if possible with evidence)
• Impact of the vulnerability (if known)
• Current awareness of the vulnerability (Are there any concrete release plans?)
• CVSS score (if known)

We recommend encrypting all communications with the ekey PSIRT:

• Download the PGP public keys
• Fingerprint scanner: D7AD 73CD 31A1 E5FE 0B67 6037 D805 C2B3 679A 159B

Send your message to psirt@ekey.net.