The security of our products and services at Knowledgeworker is our highest priority. To ensure the integrity of our systems and proactively respond to vulnerabilities, we rely on responsible disclosure by external security experts. These guidelines are intended to clearly define the process for reporting and handling security vulnerabilities.
Reporting Vulnerabilities
Contact Information
If you have identified a potential vulnerability in our systems, please contact us via the following email address:
Email: disclosure (at) knowledgeworker.com
We typically respond to your message within a few hours on weekdays in Germany. Please note that response times may be longer, for example due to public holidays.
What Information We Need
Please provide a clear and precise step-by-step guide on how we can reproduce the vulnerability. Indicate how the system's behavior differs from your expectation. If possible and necessary, supplement your description with screenshots or other media. Please also include, if applicable, the products used, software versions, or technical tools used to reproduce the issue.
Please submit your report in either German or English.
Which Vulnerability Reports and Attacks Are Prohibited
The following are not permitted as reports under this policy: usability issues, typos, user misbehavior, and issues concerning third-party products. Additionally, social engineering, DDoS attacks, brute-force attacks, installing malware, or altering the system in any way, such as copying, deleting, or changing data, are strictly prohibited. Please also refer to the Terms of Use of Knowledgeworker.
If you are experiencing technical problems using Knowledgeworker, please contact Support.
How Your Report Will Be Handled
Once we receive your vulnerability report, we will take all necessary steps to investigate with the goal of quickly and transparently addressing the described security issue.
During the investigation, remediation, and deployment of updated software components, we will keep your report confidential and not make it publicly available.
We kindly ask you to keep all communications regarding the vulnerability confidential to ensure mutual trust and flexibility as we work together to release an update and, if necessary, give our customers time to update their software systems.
We will publicly announce the vulnerability on our Security Updates page and mention the individual(s) who reported the vulnerability, unless the researcher(s) wish to remain anonymous.