Responsible Disclosure
Guidelines for security researchers reporting vulnerabilities.
Report a Vulnerability
We appreciate security researchers who help us identify vulnerabilities. Please report security issues to: security@webasto.co
Guidelines
- Provide detailed information about the vulnerability
- Include steps to reproduce the issue
- Allow reasonable time for us to address the issue
- Do not access or modify customer data
- Do not disclose publicly before we've resolved the issue
Scope
This policy covers webasto.co and our customer-facing platforms. Third-party services are out of scope.
Our Commitment
We will acknowledge reports within 48 hours, keep you informed of progress, not pursue legal action for good-faith research, and credit researchers who follow these guidelines (if desired).
Out of Scope
Social engineering attacks, denial of service testing, and physical security testing are not permitted under this policy.