Security at Diffence.CH

At Diffence.CH, we take the security of our systems, products, and services seriously. We recognize that despite our best efforts, vulnerabilities may still exist. We encourage security researchers and the wider community to report any potential security issues so we can address them promptly.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in any of our services, we encourage you to report it to us responsibly. Please follow these steps:

• Contact us via email: Send an email to [email protected] with a detailed description of the issue. Please include any relevant information, such as proof of concept, attack vectors, and the potential impact. If applicable, attach screenshots or logs to help us understand the issue better.
• Encrypt your report: If your report contains sensitive information, we recommend using our PGP key for secure communication. You can find our public key here.
• Response time: We are committed to responding to your report within 3 business days. Once we have received your report, we will:
  • Confirm receipt of your submission.
  • Provide you with an estimated timeline for addressing the vulnerability.
  • Keep you informed of the progress of our investigation.
• Disclosure Policy: We kindly ask that you give us a reasonable timeframe to investigate and resolve the vulnerability before publicly disclosing any information. This helps us protect our users and ensure a thorough fix.

Scope

The following are generally in scope for reporting:

• Any security vulnerabilities that affect our websites, services, or systems.
• Bugs that allow unauthorized access to user data.
• Flaws that compromise the integrity of our infrastructure.

Out-of-scope issues may include:

• Denial of service attacks.
• Social engineering attacks on our employees.
• Vulnerabilities in third-party services that we utilize but do not control.

Acknowledgements

We greatly appreciate the contributions of the security community. Researchers who report valid security vulnerabilities will be acknowledged on our Acknowledgements Page, unless they request otherwise.

Responsible Disclosure Policy

We adhere to a responsible disclosure policy that ensures both the security researcher and Diffence.CH work together to improve the security of our systems. If you follow our guidelines, we will not take legal action against you for identifying a vulnerability.

Hiring

Are you passionate about cybersecurity? We are always looking for talented individuals to join our team. Check out our current openings on our Careers Page.