ende

Vulnerability Disclosure Policy

Introduction

Turbine Kreuzberg is committed to ensuring the security of our systems and protecting the data of our users. We value the contributions of security researchers and ethical hackers in identifying potential vulnerabilities. This policy provides guidelines for reporting security issues and outlines our commitment to addressing them.

Scope

This policy applies to all public-facing websites, applications, and services owned and operated by Turbine Kreuzberg.

Safe Harbor

We appreciate the efforts of security researchers acting in good faith. If you make a reasonable attempt to comply with this policy during your security research, we will:

  • Not pursue legal action related to your research

  • Work with you to understand and resolve the issue quickly

  • Acknowledge your contribution if desired

Guidelines

When conducting your research, we request that you:

  • Do not access, modify, or delete data that does not belong to you

  • Do not attempt denial of service attacks

  • Do not use automated tools that generate significant amounts of traffic

  • Do not attempt social engineering or phishing attacks on our employees

  • Respect the privacy of our users and employees

Reporting a Vulnerability

To report a vulnerability:

  1. Email your findings to security@turbinekreuzberg.com

  2. Provide sufficient information for us to reproduce the issue

  3. Include your contact information if you wish to be credited (optional)

We will acknowledge receipt of your report within 3 business days.

What to Expect

After you submit a report:

  • We will investigate and validate the issue

  • We will work on a fix and keep you updated on our progress

  • Once resolved, we may invite you to confirm that the solution adequately addresses the vulnerability

  • With your permission, we may publicly acknowledge your responsible disclosure

Disclosure Timeline

  • We aim to resolve critical issues within 30 days of verification

  • We request that you do not disclose the vulnerability publicly for at least 90 days from the date of submission, allowing us time to resolve the issue

    Thank you for helping keep Turbine Kreuzberg and our users safe and secure.