Security Policy & Vulnerability Disclosure

Overview

HPC-Gridware is committed to maintaining the security of its products and services.
We encourage responsible disclosure of security vulnerabilities and provide clear channels for reporting potential security issues.

This page describes how security concerns can be reported and how such reports are handled.

Reporting Security Vulnerabilities

If you believe you have identified a security vulnerability affecting a product or service provided by HPC-Gridware GmbH, please report it using one of the following channels:

For open-source components maintained by HPC-Gridware, additional reporting guidance may be available in the relevant repository (e.g. `SECURITY.md` files).

What to Include in a Report

To help us assess and address reported issues efficiently, please include as much relevant information as possible, such as:

  • A description of the potential vulnerability
  • The affected product, component, and version (if known)
  • Steps to reproduce the issue, where applicable
  • Any available proof-of-concept or supporting material

Reports may be submitted in good faith and do not require prior authorization.

Handling of Reports

Reported security issues are reviewed by our product security team.

Where contact information is provided, we may acknowledge receipt of the report and, if necessary, request additional information to support assessment.

Security issues are evaluated and handled in accordance with our internal security, vulnerability, and incident management processes.

Coordinated Disclosure

HPC-Gridware supports coordinated and responsible disclosure of security vulnerabilities.

Information related to reported vulnerabilities is handled confidentially and shared internally on a need-to-know basis.
Public disclosure of vulnerability details is coordinated to reduce the risk of exploitation and to allow appropriate mitigation or remediation measures to be implemented.

Legal and Responsible Use

Please do not:

  • Access or modify data without authorization
  • Disrupt services or systems
  • Use social engineering, denial-of-service, or automated scanning in a manner that may impact availability

Security testing should be conducted responsibly and within legal boundaries.

Regulatory Compliance

HPC-Gridware maintains internal processes for vulnerability handling, incident management, and post-market monitoring in line with applicable regulatory requirements, including the EU Cyber Resilience Act (CRA).

This document provides public information on reporting security issues. Detailed internal procedures are not publicly disclosed.