Security Policy

Coordinated Disclosure Policy

If you discover a security vulnerability in a product, project, or web presence maintained by Weichwerke Heidrich Software or Simon Heidrich, please follow these guidelines:

  • Report the security vulnerability as described below.
  • Include enough information to reproduce the issue. The more detailed the description, the faster the problem can be resolved.
  • Include a contact method for potential follow-up questions.

Additionally, you are strongly implored to:

  • Not disclose the vulnerability to anyone else.
  • Not exploit the vulnerability beyond what is necessary for a proof of concept.
  • Not publish tools or instructions for exploiting the vulnerability without prior discussion with Simon Heidrich.

As long as you adhere to these guidelines, the following is guaranteed in return:

  • Weichwerke Heidrich Software or Simon Heidrich will not take any legal action against you in connection with the security vulnerability.
  • The security vulnerability will be evaluated within 14 calendar days, and a deadline for a resolution will be set. You will be kept informed of developments.
  • Upon request, you will be publicly acknowledged as the discoverer of the security vulnerability.

Security Vulnerability Reporting

Please adhere to the Coordinated Disclosure Policy.

Send all security-related information via email to info@wwh-soft.com.

You are encouraged, though not required, to encrypt this email using OpenPGP to ensure the confidentiality of the information. An introduction to OpenPGP can be found in the BOMnipotent documentation. You can find the public key either here for download, or directly on this page for copying to your clipboard:

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEaIkORBYJKwYBBAHaRw8BAQdA+5Vr/EPDJv8Fqn3iq9fGuBAOyf+BqjPzL1F3
+Sj5uW3CwBEEHxYKAIMFgmiJDkQFiQWkj70DCwkHCRCbT7hBq5sufUcUAAAAAAAe
ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmf3av26tkzjCyq+vb9LZlEo
NRfpjiWsvd+FDxp7CHOOOwMVCggCm4ECHgkWIQRznF1kPHUg0lGczZSbT7hBq5su
fQAAZU4A+gPiMFpQQQ2xT4YwZ7GFfQ5vKyuFUgC2C6/KISmFlEgrAQDo2TRyrxjG
aXeuuRnybrlJuW5UGRC2BVar2LI/+1JbCc0TPGluZm9Ad3doLXNvZnQuY29tPsLA
EQQTFgoAgwWCaIkORAWJBaSPvQMLCQcJEJtPuEGrmy59RxQAAAAAAB4AIHNhbHRA
bm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZ6J33PckOBg3HydQgXCsy57mVTCf0UiG
nKNTky1x8RA8AxUKCAKbgQIeCRYhBHOcXWQ8dSDSUZzNlJtPuEGrmy59AABXXAD9
Ey0mMQsu5UZ8KrbhnOfu4YknLmJJ37RyhZ6IBQUVNWoA/2gPTABL8/FWg/y4YbEZ
N01k7Ebez3d/1GtCMY2tTrMLzRxXZWljaHdlcmtlIEhlaWRyaWNoIFNvZnR3YXJl
wsAUBBMWCgCGBYJoiQ5EBYkFpI+9AwsJBwkQm0+4QaubLn1HFAAAAAAAHgAgc2Fs
dEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JntRaiix5a3jvmbX3ZlUWgOXRa0jGx
ypA1GKfKjICb9cEDFQoIApkBApuBAh4JFiEEc5xdZDx1INJRnM2Um0+4QaubLn0A
AP2gAQCixoI9e+oPimjBg+mrlLWJGLiTNkxCI553m3y0IpLuNQD+NCaxYc9P7u8m
HLypcjP7JXJv6N+CWFzXmy7z1JKRKQDOMwRoiQ5EFgkrBgEEAdpHDwEBB0AX0pEw
ENhxq6jBowr2aN9dtCotl+CSQ/Q7M/JU2f40z8LAxQQYFgoBNwWCaIkORAWJBaSP
vQkQm0+4QaubLn1HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Au
b3Jn5+ZY07rDNnw+HLAUbhbFikyO3o1HDYpKcRlJ6FdpAgYCm4K+oAQZFgoAbwWC
aIkORAkQXHCG+SMIxS1HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1w
Z3Aub3JnI/yjv1nvKuEn2QC3QP/MtydppuZb/CotaC8y1oCknTAWIQR3tHWMwZ9q
mmyWucNccIb5IwjFLQAAgAYBAKiJvag2bRFEuqeT0X90bzr9YYDqfVBLV+R7KRpi
U3RpAQC+jbq/fLjCQ/Y++9U+MwJ0g5nV1TWs4bVgravxzcVsDhYhBHOcXWQ8dSDS
UZzNlJtPuEGrmy59AADS7wD/VvtcVb3rviif7QbtpbthdKvXJdYGSZF1OUkWC9SW
XyIBAOpEFpqiknsw/YRRhLowbUP/13ph+UX6a5pk16mUrd4NzjMEaIkORBYJKwYB
BAHaRw8BAQdAOXLpujzo5LrZcDYZF4blLLG9F8TdNs0PtUWF+aU1+ZTCwMUEGBYK
ATcFgmiJDkQFiQWkj70JEJtPuEGrmy59RxQAAAAAAB4AIHNhbHRAbm90YXRpb25z
LnNlcXVvaWEtcGdwLm9yZ2gIclEciifZsyOFF42hP9wxr4LdeuuYrbXEbZJyLWed
ApugvqAEGRYKAG8FgmiJDkQJEIfq5AOgRSnjRxQAAAAAAB4AIHNhbHRAbm90YXRp
b25zLnNlcXVvaWEtcGdwLm9yZyhZu9/akeUWiKNwqimWv/EYbPCHnd5TRmIR7IXk
8V5ZFiEEHAFDsrmxQG1MJYTkh+rkA6BFKeMAALE7AP4uy8mNrc3G4tEPc3OrwO5v
SMkArHvWH74IOiVRtIMEHgD+MvCLi06oAMIal76Ksj+2AuSsFU80xu6aYX7m4IV3
Tw0WIQRznF1kPHUg0lGczZSbT7hBq5sufQAArJAA/R7PBh3n0olmXL+izWZQ8f8i
42Vil8+zQ675biOJKRGBAQDTdhxZ+iVBlGIJ8brpGb9DQ1M6cSSR6DVSbP3xfPgT
DM44BGiJDkQSCisGAQQBl1UBBQEBB0BlTVohtGaqq8fYF/fG32XSICwZu2se9aJ8
ajXnMGYhGAMBCAfCwAYEGBYKAHgFgmiJDkQFiQWkj70JEJtPuEGrmy59RxQAAAAA
AB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZ/9PcJ3PTDGcm1zroROF
/kth2sgnH0GYIJmfDcMjhgVMApuMFiEEc5xdZDx1INJRnM2Um0+4QaubLn0AAHey
AP9Tqsu5ByuS72/QZKaGR/Er8GELb4wx9BFQbp+6S1Vj9QD/TpBe1SbXzB5Wt2mF
UR2E5r7Tm4kfrMWSmf/ktEIvmQM=
=MK9h
-----END PGP PUBLIC KEY BLOCK-----

Hall of Fame

NameReferenceVulnerabilityDate

Weichwerke Heidrich Software extends their gratitude to everyone who has disclosed vulnerabilities to them, including those who prefer to remain anonymous.