Guidelines and reporting channels

DEPRAG prioritizes the protection of your data and the security of our systems as the foundation for successful collaboration. To this end, we actively encourage the reporting of vulnerabilities and information security incidents to continuously ensure the integrity of our shared processes.

Contact

Do you have questions about our security measures, want to report a vulnerability, or report a security incident? We offer you a direct channel for communication with our experts:
security@deprag.de

DEPRAG supports responsible disclosure of security-related issues to ensure coordinated vulnerability management, assessment of potential impacts, and continuous improvement of product security throughout the entire product lifecycle.

When reporting security-related issues in products or web applications, the most relevant information possible should be provided to enable an efficient assessment.

This includes in particular:

Information on the affected product, including product name, model and software or firmware version used, or the affected web address in the case of web applications,
a description of the security-relevant facts
Technical evidence and reproduction steps, such as log data, sample attacks, or similar information,
References to previously published information or known references, including information on whether and by whom the vulnerability has already been disclosed.

Security-related reports must be submitted in German or English.
To ensure the confidentiality of the transmitted information, it is recommended that reports – especially those containing sensitive or detailed technical information – be submitted in encrypted form where possible. Suitable methods for secure transmission will be provided upon request.

All incoming reports are treated confidentially and used exclusively for the analysis and resolution of the reported security-related issues.

Reports received are generally acknowledged within three business days. Legitimate reports are generally processed within 90 business days, provided it is technically and organizationally feasible.

During the processing, regular communication takes place with the reporting party to inform them about the current status of the security-related issue, e.g. for validation, analysis or resolution.

If necessary, we will work with partners, platforms or relevant authorities (e.g. CERTs or affected customers) to ensure a safe and responsible disclosure of the vulnerability.

Contact

Information regarding potential security-related issues or incidents concerning products or related services can be submitted to DEPRAG SCHULZ GMBH u. CO. KG via the following email address:
cybersecurity@deprag.de

Contact for questions and reporting of general information security incidents

Contact

Contact and policy for reporting product-specific vulnerabilities and security alerts

Contact