Reporting vulnerabilities and security gaps related to ekey products and services

ekey’s Product Security Incident Response Team (or “ekey PSIRT” for short) offers customers, partners, testers, and security experts a central point of contact and a consistent process for reporting security vulnerabilities identified in ekey products and services. The focus of the team’s work is communication with all those affected, both internally and externally.

Reports on potential vulnerabilities or other incidents are expressly welcome from everyone – regardless of customer status.

How do I report a vulnerability?

Have you noticed a potential vulnerability or security incident in connection with an ekey website or an ekey product, or have you discovered a data protection problem? Please proceed as follows.

Include as much information as possible in a report so we can process it quickly. For website or product vulnerabilities, add the following information:

  • Contact information
  • Affected product including model and firmware version (if known)
  • URL address for vulnerabilities on websites
  • Detailed description of the vulnerability (if possible with evidence)
  • Impact of the vulnerability (if known)
  • Current awareness of the vulnerability (Are there any concrete release plans?)
  • CVSS score (if known)

We recommend encrypting all communications with the ekey PSIRT:

  • Download the PGP public keys
  • Fingerprint scanner: D7AD 73CD 31A1 E5FE 0B67  6037 D805 C2B3 679A 159B

Send your message to