Paulmann vulnerability disclosure policy for the smik system
As of: June 11, 2025, Version 1.0
Paulmann welcomes reports of potential vulnerabilities from the security community. Your responsible disclosure helps us identify and address issues before they can be exploited, allowing us to initiate our incident response process and safeguard the security of our customers and services. We appreciate your valuable contribution.
To ensure secure and efficient handling of your report, please follow the procedure and guidelines outlined below when submitting any vulnerability findings.
Reporting Procedure
1. Please send all submissions to the following email address: vulnerabilities@paulmann.de.
2. Include sufficient contact information, such as your name and, if applicable, your organization, so we can follow up with you as needed.
3. To help us reproduce and assess the issue, please provide a detailed technical description of the vulnerability, including:
- The specific product you tested, including the product name and version number.
- The technical environment used for testing, including the operating system and its version.
- Any relevant contextual information, such as network configuration details.
Additionally, please share any supporting information that may help us understand and verify your findings, such as:
- Details about the tools and testing methods used.
- Any test configurations.
- If applicable, any proof-of-concept code or exploit scripts you developed.
4. If you have
- identified potential threats,
- conducted a risk and impact assessment,
- or observed active exploitation of the vulnerability,
please include this information in your report.
5. If you have shared details of the vulnerability with other parties, please let us know and include any relevant tracking or reference numbers, so we can coordinate if necessary.
Response Times & Exchange
Paulmann aims to meet the following response targets for submitted reports:
- Time to first response (from report submission) - 3 business days
- Time to triage (from report submission) - 5 business days
- Interval of status updates until resolved (if applicable) - monthly
How quickly a confirmed vulnerability is resolved depends on its assessed criticality. As part of a responsible vulnerability disclosure process, we encourage you to coordinate with Paulmann when determining public release dates for information regarding discovered vulnerabilities. To help minimize potential risks to public safety, privacy, and security, we kindly ask for your cooperation in aligning the timing of any disclosures. Please notify us of any planned public disclosures in advance.
Upon request, Paulmann will credit submitters of valid vulnerability reports in the publicly released patch notes.
Important Rules
Security Testing Restrictions
- Do not break any applicable law or regulations.
- Do not exploit any vulnerability or issue you have discovered.
- Do not carry out or attempt any type of Denial of Service (DoS) attack.
- Do not post, transmit, upload, link to, send, or store any form of malicious software.
Proportionate and Ethical Conduct
Disclosers must act responsibly and avoid any disproportionate or harmful actions, including but not limited to:
- Disrupting the organization's systems or services.
- Modifying the application, product, or service in any way.
- Creating a backdoor in any application, product, or service, even to demonstrate the vulnerability, as this introduces additional risks.
- Exploiting a vulnerability beyond what is necessary to confirm its existence.
- Copying, altering, or deleting data on the affected system. Instead, consider providing a directory listing as evidence.
- Repeatedly accessing the system or sharing access with others.
- Using brute-force methods (e.g. repeatedly guessing passwords) to gain access.
Handling of Sensitive Data
- Make a good-faith effort to avoid accessing or deleting another user's data.
- Do not include sensitive personal information (e.g., names, emails, credentials) in screenshots or other attachments shared with us.
- Permanently delete any data or sensitive information obtained during your analysis once the report has been submitted.
Legal Notice Regarding Information Disclosure
If you choose to share any information with Paulmann, you agree that such information will be treated as non-proprietary and non-confidential. Paulmann may use this information freely, in whole or in part, without any limitations and without obligation to offer any reward or payment. Additionally, by submitting this information, you acknowledge that it does not grant you any rights or impose any obligations on Paulmann.