PSIRT · ACCEPTING REPORTS

Report a security vulnerability

The Dewesoft Product Security Incident Response Team (PSIRT) welcomes reports from users and researchers. If you believe you have found a vulnerability in a Dewesoft website or product, or a data protection issue, choose the right channel below and send us the details.

CH · WEB

Website security

psirt@dewesoft.com

CH · PRODUCT

Product security

psirt@dewesoft.com

CH · DATA

Data protection

legal@dewesoft.com

ABOUT THIS PAGE

How to report a security vulnerability

Dewesoft PSIRT encourages the responsible disclosure of security vulnerabilities. Coordinated reporting helps us fix issues faster, keep customers informed, and continuously improve the security of our software, instruments, and online services.

Please read the channels below and choose the one that matches your finding. Each report is reviewed by the PSIRT and handled confidentially.

Not a security issue? General quality, warranty, licensing, or technical support questions are not handled by PSIRT. Please use the standard Dewesoft support and contact channels instead, so your request reaches the right team without delay.

THREE REPORTING CHANNELS

Where to send your report

CHANNEL 01 · WEB

Website security vulnerabilities

For vulnerabilities or incidents affecting a Dewesoft website or online service — for example dewesoft.com, the support, developer, forum, or shop portals.

Typical findings include cross-site scripting, injection, authentication or access-control flaws, insecure configuration, or exposed sensitive data.

psirt@dewesoft.com

CHANNEL 02 · PRODUCT

Product security vulnerabilities

For vulnerabilities or incidents in a Dewesoft product — including DewesoftX and DewesoftM software, firmware, APIs and SDKs, and data acquisition hardware such as SIRIUS, KRYPTON, IOLITE, OBSIDIAN, and related devices.

Please tell us the exact product, model, and software or firmware version affected.

psirt@dewesoft.com

CHANNEL 03 · DATA

Data protection issues

For data protection and privacy concerns — for example a suspected personal-data breach, an exposure of personal information, or a question about how Dewesoft handles your data.

You can also use this channel to raise data-subject requests under applicable privacy law.

legal@dewesoft.com

MAKE YOUR REPORT ACTIONABLE

What information to include

For website or product vulnerabilities, the more detail you provide, the faster we can reproduce and resolve the issue. Where possible, please include:

01

Affected target

The product, model, and software or firmware version — or the exact URL for a website vulnerability.

02

Description & proof

A clear description of the vulnerability, with steps to reproduce, proof-of-concept, exploit code, or network traces where available.

03

Public references

Any related references, and whether the issue has already been disclosed publicly — and by whom.

Sending large files? If you need to share a large amount of data, mention it in your email and we can arrange a secure transfer method with you.

RESPONSIBLE DISCLOSURE

Working together in good faith

We ask researchers to follow these principles so we can investigate and fix issues without putting users or systems at risk.

Please do

  • Report what you find as soon as possible after discovery.

  • Give us reasonable time to investigate and remediate before any public disclosure.

  • Provide enough detail to reproduce the issue.

  • Act in good faith and avoid privacy violations or service disruption.

Please avoid

  • Accessing, modifying, or deleting data that is not yours.

  • Degrading service availability, e.g. denial-of-service testing.

  • Social engineering, phishing, or physical attacks against staff or facilities.

  • Publicly disclosing the issue before we have addressed it.

Important inforamtion

01 Reports submitted in English can be processed fastest. Please describe the issue as clearly as possible.

02 Previously published vulnerabilities and issues classified as informational may not qualify for acknowledgement.

03 We acknowledge researchers who help us improve security. Tell us in your report whether and how you would like to be credited.

04 We strongly encourage encrypted email for sensitive details. Contact PSIRT to request our current public encryption key before sending.