Reporting vulnerabilities and security gaps related to ekey products and services

ekey’s Product Security Incident Response Team (or “ekey PSIRT” for short) offers customers, partners, testers, and security experts a central point of contact and a consistent process for reporting security vulnerabilities identified in ekey products and services. . The focus of the team’s work is communication with all those affected, both internally and externally.

Reports on potential vulnerabilities or other incidents are expressly welcome from everyone – regardless of customer status.

How do I report a vulnerability?

Have you noticed a potential vulnerability or security incident in connection with an ekey website or an ekey product, or have you discovered a data protection problem? Please proceed as follows.

Include as much information as possible in a report so we can process it quickly. For website or product vulnerabilities, add the following information:

  • Contact information
  • Affected product including model and firmware version (if known)
  • URL address for vulnerabilities on websites
  • Detailed description of the vulnerability (if possible with evidence)
  • Impact of the vulnerability (if known)
  • Current awareness of the vulnerability (Are there any concrete release plans?)
  • CVSS score (if known)

We recommend encrypting all communications with the ekey PSIRT:

  • Download the PGP public keys
  • Fingerprint scanner: D7AD 73CD 31A1 E5FE 0B67 6037 D805 C2B3 679A 159B

Send your message to