Security policy#

Did you find a security-related issue in one of our products? We'd like to guideline you through the process from the first contact till the public announcement of a security fix.

Thank you for taking time reading the following information carefully. Your contribution is highly welcome!

Scope#

This security policy is related to:

docupike incl. all its sub-projects and public systems
i-doit incl. all its sub-projects and public systems

Supported versions#

Please ensure that your findings affect the latest stable release of our software application. If you find any security issues in an older version of our software application please make sure it has not been already fixed in the current version.

About us#

Both docupike and i-doit are maintained by the synetics GmbH, located in Düsseldorf/Germany.

These are examples for security-related issues:

Vulnerability in one of our public systems, e.g. our websites
Vulnerability in one of our software applications, e.g. docupike
Disclosure of private information, e.g. user data and secrets

These issues affect the availability, confidentiality and/or integrity of our systems, software applications and the data we must protect.

Responsible disclosure#

We encourage you to follow the principles of a responsible disclosure. In short, we kindly ask you to:

Inform us immediately after you found an issue
Do not publish your findings without our confirmation
Give us at least 4 weeks to fix the issue if your findings are confirmed as security-related
Publish your findings after we publicly announce security fixes

Common Vulnerabilities and Exposures (CVE)#

A CVE is very much appreciated.

Contact us#

You can contact the security team in English and German directly via e-mail: security@docupike.com

We highly recommend to sign and encrypt your e-mail with GPG/OpenPGP. Our public key is available on keys.openpgp.org and can be downloaded from docupike.com/security_key.asc.