Security policy#
Did you find a security-related issue in one of our products? We'd like to guideline you through the process from the first contact till the public announcement of a security fix.
Thank you for taking time reading the following information carefully. Your contribution is highly welcome!
Scope#
This security policy is related to:
- docupike incl. all its sub-projects and public systems
- i-doit incl. all its sub-projects and public systems
Supported versions#
Please ensure that your findings affect the latest stable release of our software application. If you find any security issues in an older version of our software application please make sure it has not been already fixed in the current version.
About us#
Both docupike and i-doit are maintained by the synetics GmbH, located in Düsseldorf/Germany.
What are security-related issues?#
These are examples for security-related issues:
- Vulnerability in one of our public systems, e.g. our websites
- Vulnerability in one of our software applications, e.g. docupike
- Disclosure of private information, e.g. user data and secrets
These issues affect the availability, confidentiality and/or integrity of our systems, software applications and the data we must protect.
Responsible disclosure#
We encourage you to follow the principles of a responsible disclosure. In short, we kindly ask you to:
- Inform us immediately after you found an issue
- Do not publish your findings without our confirmation
- Give us at least 4 weeks to fix the issue if your findings are confirmed as security-related
- Publish your findings after we publicly announce security fixes
Common Vulnerabilities and Exposures (CVE)#
A CVE is very much appreciated.
Contact us#
You can contact the security team in English and German directly via e-mail: security@docupike.com
We highly recommend to sign and encrypt your e-mail with GPG/OpenPGP. Our public key is available on keys.openpgp.org
and can be downloaded from docupike.com/security_key.asc
.