Responsible Disclosure

We welcome any information from external parties and members of TU Braunschweig that helps us to achieve the protection goals of information security and to secure our systems. If you have discovered a vulnerability that affects one of our systems, please contact us. Please use our e-mail address or our contact form.

Please note:

  • Unfortunately, as a public institution, we cannot offer you a financial reward (Bug Bounty).
  • At your request, and with your consent to the processing of your data, we will list you in our Hall of Fame if
    • we can verify the vulnerability by means of an appropriate report,
    • it is the first report of this vulnerability (ask if unsure),
    • the report contains a good and realistic attack scenario for the vulnerability,
    • we assess the discovery as a real risk for the systems or users of TU Braunschweig and
    • you behave respectfully towards our employees, communicate appropriately and do not pressure us.
  • Do not engage in security research that involves:
    • Potential or actual damage to our users and members, systems, data, applications or processes.
    • Violation of privacy rights or confidentiality of data.
    • Social engineering (including, but not limited to, phishing).
    • Disruption or interruption of our services.
    • Port scans on our networks or executing DDoS attacks.

If you comply with the rules of our program, we will not bring any lawsuit against you or ask law enforcement to investigate you, unless we have reason to believe that you did not act in good faith.

Please note that feedback from our side may be delayed after an initial confirmation as long as we are busy assessing the vulnerability found. "Beg Bounty" requests will not be processed.