Guidelines for Reporting a Security Vulnerability
If you discover a security vulnerability on one of our platforms, we kindly ask that you follow these guidelines:
- Report the Issue: Please send your findings via email to security@tuebingen․ai.
- Avoid Exploitation: Do not exploit the vulnerability in any way, such as by downloading, manipulating, or deleting data or uploading unauthorized code.
- Maintain Confidentiality: Do not share information about the vulnerability with third parties.
- Refrain from Attacks: Do not engage in social engineering (e.g., phishing), DDoS attacks, spam, or any other harmful activities targeting our systems.
- No Beg Bounties: We do not address reports that identify purely theoretical vulnerabilities without evidence of an actual threat.
- Provide Detailed Information: Include sufficient details in your report to allow us to reproduce and analyze the issue effectively.
- Offer a Contact Method: Provide a way for us to contact you personally with any follow-up questions. Anonymous reports will not be considered.
- Be Prepared for Follow-Up: Complex vulnerabilities may require further explanations or additional documentation.
Your cooperation is essential to maintaining the security of our platforms. Thank you for your assistance.
Our Commitment
- No Legal Action: We will not involve law enforcement in relation to your security research unless it is clearly criminal in nature. You can be assured that no legal action will be taken against you.
- Timely Resolution: We will make every effort to address and resolve the reported vulnerability as quickly as possible.
- Progress Updates: We will keep you informed about the progress of addressing your findings.
- Policy Compliance: All actions will be carried out in compliance with this security policy.
- Confidentiality: Your report will be treated with strict confidentiality. Personal data will not be shared with third parties without your consent. The Privacy Policy of the Tübingen AI Center applies.
- Acknowledgment: With your permission, we would be happy to acknowledge your contribution by name.
Details to Include When Reporting a Security Vulnerability
- Type of Vulnerability: Specify the nature of the issue.
- Brief Explanation: Provide a concise description without technical details.
- Affected Service/System/Device: Identify the impacted service, system, or device.
- Exploitation Technique: Describe how the vulnerability can be exploited (e.g., remote, local).
- Authentication Level: Indicate the required access level (e.g., guest, user, admin).
- User Interaction: State whether user interaction is required (e.g., headless, interactive).
- Technical Details: Include detailed technical information if possible.
- Proof of Concept: Share any reproducible example or demonstration.
- Proposed Solution: Suggest potential fixes or mitigations.
- Contact Details: Provide your contact information for follow-up queries.
- Acknowledgment: Indicate whether you consent to being mentioned (under a pseudonym or name) alongside the vulnerability in the Hall of Fame.
Hall of Fame
Parth Narula - November 2024
Parth Narula is an expert in network architecture, cybersecurity, and ethical hacking. He discovered and helped to rectify various vulnerabilities.
Yogeswaran M - February 2025
Yogeswaran M is a Cyber Security Engineer, Penetration Tester, and Bug Bounty Hunter. He provides ethical hacking, cloud security, and threat analysis services. He discovered a potential XST security vulnerability.