VON ARDENNE GmbH
Vulnerability Handling and Disclosure Policy
Preface
VON ARDENNE is dedicated to supporting the security and safety of our customers' operation. We secure our products, services and IT infrastructure through a comprehensive and systematic approach. VON ARDENNE has established a formal process to handle security vulnerability reports related to our product portfolio and infrastructure.
We encourage responsible disclosure of vulnerabilities affecting our products and services. Our engagement with reporters is based on good faith and mutual respect. We welcome reports from customers, partners, security researchers and any other source regardless of contractual relations or product lifecycle status.
This policy applies to all security vulnerabilities found in VON ARDENNE products, software solutions, services, and IT infrastructure components.
1. Vulnerability Reporting
To report a security vulnerability affecting any VON ARDENNE product, solution, or infrastructure element, please contact our security teams using the details found in the Contact section below.
Note! If you want to report a suspected violation of applicable laws or our Code of Conduct please use our whistleblower system.
When submitting a report, please provide:
- A clear description of the vulnerability, including any proof-of-concept exploit code, logs, or network traces that demonstrate the issue
- Identification of the affected product, solution, or infrastructure component, including version or firmware information if possible
- Whether the vulnerability has already been publicly disclosed (optional)
- Contact information for any necessary follow-up or clarification (email, phone)
We do not require nondisclosure agreements before receiving vulnerability reports. We strongly encourage coordinated disclosure, as premature public disclosure may expose customers to avoidable risks.
2. Vulnerability Analysis
Upon receipt, VON ARDENNE’s security team promptly acknowledges your report. We will investigate and attempt to reproduce the reported vulnerability. Additional information may be requested to facilitate accurate assessment.
3. Vulnerability Handling
Our internal teams, including product developers and security experts, collaborate to evaluate the risk and develop remediation plans. If necessary, we may inform relevant national or governmental CERT organizations with which VON ARDENNE maintains cooperation. We may also get into contact with our suppliers if the issue concerns a 3rd party component.
Throughout this process, we maintain ongoing communication with the reporting party to provide updates and foster mutual understanding. When available, early versions of security patches may be shared for verification.
4. Disclosure and Customer Notification
Once a vulnerability is confirmed and a fix is developed, we coordinate the release of updates through our normal customer notification channels.
As our products are customer specific or have very small user bases we share vulnerability details exclusively with affected customers on an individualized basis, ensuring timely and secure mitigation.eichert werden.
Recommendations to Reporters
- Conduct testing only on systems for which you have explicit permission or ownership.
- Perform vulnerability research responsibly, minimizing impact on VON ARDENNE systems and customer environments.
- Avoid accessing or altering data not related to the security issue being investigated.
VON ARDENNE does not intend to pursue legal action against individuals who report vulnerabilities in good faith and follow this policy. Unauthorized attempts to exploit, disrupt, or damage VON ARDENNE products, services, or customer systems may be subject to legal consequences.
Contact Information
For vulnerability reports or enquiries, please contact:
Email:productcert@vonardenne.com for Issues on VON ARDENNE Products, Services and Software Solutions.
Email:cert@vonardenne.com for Issues on VON ARDENNE IT Infrastructure.
Submissions in English or German will be accepted. We strive to respond within one business day.
Thank you for helping us maintain the security and integrity of VON ARDENNE products and services. Your responsible cooperation is vital in protecting our shared technology ecosystem.