Report a security vulnerability
The Dewesoft Product Security Incident Response Team (PSIRT) welcomes reports from users and researchers. If you believe you have found a vulnerability in a Dewesoft website or product, or a data protection issue, choose the right channel below and send us the details.
ABOUT THIS PAGE
How to report a security vulnerability
Dewesoft PSIRT encourages the responsible disclosure of security vulnerabilities. Coordinated reporting helps us fix issues faster, keep customers informed, and continuously improve the security of our software, instruments, and online services.
Please read the channels below and choose the one that matches your finding. Each report is reviewed by the PSIRT and handled confidentially.
Not a security issue? General quality, warranty, licensing, or technical support questions are not handled by PSIRT. Please use the standard Dewesoft support and contact channels instead, so your request reaches the right team without delay.
THREE REPORTING CHANNELS
Where to send your report
CHANNEL 01 · WEB
Website security vulnerabilities
For vulnerabilities or incidents affecting a Dewesoft website or online service — for example dewesoft.com, the support, developer, forum, or shop portals.
Typical findings include cross-site scripting, injection, authentication or access-control flaws, insecure configuration, or exposed sensitive data.
CHANNEL 02 · PRODUCT
Product security vulnerabilities
For vulnerabilities or incidents in a Dewesoft product — including DewesoftX and DewesoftM software, firmware, APIs and SDKs, and data acquisition hardware such as SIRIUS, KRYPTON, IOLITE, OBSIDIAN, and related devices.
Please tell us the exact product, model, and software or firmware version affected.
CHANNEL 03 · DATA
Data protection issues
For data protection and privacy concerns — for example a suspected personal-data breach, an exposure of personal information, or a question about how Dewesoft handles your data.
You can also use this channel to raise data-subject requests under applicable privacy law.
MAKE YOUR REPORT ACTIONABLE
What information to include
For website or product vulnerabilities, the more detail you provide, the faster we can reproduce and resolve the issue. Where possible, please include:
01
Affected target
The product, model, and software or firmware version — or the exact URL for a website vulnerability.
02
Description & proof
A clear description of the vulnerability, with steps to reproduce, proof-of-concept, exploit code, or network traces where available.
03
Public references
Any related references, and whether the issue has already been disclosed publicly — and by whom.
Sending large files? If you need to share a large amount of data, mention it in your email and we can arrange a secure transfer method with you.
RESPONSIBLE DISCLOSURE
Working together in good faith
We ask researchers to follow these principles so we can investigate and fix issues without putting users or systems at risk.
✓ Please do
Report what you find as soon as possible after discovery.
Give us reasonable time to investigate and remediate before any public disclosure.
Provide enough detail to reproduce the issue.
Act in good faith and avoid privacy violations or service disruption.
✕ Please avoid
Accessing, modifying, or deleting data that is not yours.
Degrading service availability, e.g. denial-of-service testing.
Social engineering, phishing, or physical attacks against staff or facilities.
Publicly disclosing the issue before we have addressed it.
Important inforamtion
01 Reports submitted in English can be processed fastest. Please describe the issue as clearly as possible.
02 Previously published vulnerabilities and issues classified as informational may not qualify for acknowledgement.
03 We acknowledge researchers who help us improve security. Tell us in your report whether and how you would like to be credited.
04 We strongly encourage encrypted email for sensitive details. Contact PSIRT to request our current public encryption key before sending.