ondeso manufactures various products that offer you reliability and quality. Despite the greatest care and extensive testing during the creation of ondeso products, they may still contain weaknesses. Since we place the highest value on the security of our products in the production environments of our customers and partners, we stand for an open exchange and trustworthy communication as well as prompt risk minimization.
If you have found a vulnerability in ondeso products, please notify us so that we can review and assess it and provide a solution as soon as possible. A notification of the vulnerability should be made directly to ondeso in a secure way as shown here as part of the ‘Responsible Disclosure’.
The focus should be on finding vulnerabilities without compromising customer data, privacy and service availability.
If vulnerabilities are found, please give us the opportunity to fix them as part of the ‘Responsible Disclosure’ process so that any potential damage that could also result from the vulnerability can be prevented. We process every qualified report with the necessary care and strive to provide feedback as soon as possible.
1. Inform yourself about the scope for vulnerability reporting.
2. Send an encrypted email to the following address: Vulnerability@ondeso.com using PGP public key (fingerprint: 0159 6A97 2113 C416 1942 6719 DCF8 AB3E 9D9C BA2C).
Instruction for the reproduction of the issue*
Further relevant information
Contact details (optional)
Fields marked with * are mandatory fields.
3. Do not share the information with third parties
We try to fix the vulnerabilities as soon as possible or provide suitable measures to minimize the risk. You will receive feedback from us regarding the validity of the reported vulnerability as well as the planned further procedure.
As a matter of principle, we treat your report confidentially and do not pass on your data to third parties.
Any design, implementation or deployment issue that affects the security of ondeso products can be reported.
Valid for all ondeso products.
The following vulnerabilities are not within the scope of the Vulnerability Disclosure Policy:
Here you will find an overview of our products and solutions.
Here you will find answers to your questions about topics such as active directory connection, domains and frameworks.
Here you can learn more about our company and our expertise as a pioneer and market leader.