Responsible Disclosure POLITIK

Læs vores Responsible Disclosure politik nedenfor (på engelsk).


Improsec’s goal is to help improve security in widely used IT systems, including hard- and software products, operating systems, (web) applications, firmware, APIs etc.

The work is carried out to the extent that it will not compromise trust nor confidentiality between Improsec and our customers.

When we identify security issues or vulnerabilities in IT systems, security researchers at Improsec follow the Responsible Disclosure policy below.


In the following document you find our Responsible Disclosure Policy (UK).

 
 

responsible disclosure fund (tech blog posts)

Privilege escalations in Heimdal Security

We have previously performed analysis of Heimdal Security and found interesting security vulnerabilities by means of DLL hijacking and executable overwriting. Read more about our findings and the responsible disclosures thereof here:

Client side remote code execution in IBM notes

We have previously performed analysis of IBM Notes and found interesting security vulnerabilities by means of DLL hijacking. Read more about our findings and the responsible disclosure thereof here:

Privilege escalation in IBM Notes Diagnostics

We have previously performed analysis of IBM Notes Diagnostics and found interesting security vulnerabilities by means of DLL and internal file hijacking. Read more about our findings and the responsible disclosure thereof here:

Privilege escalation in IBM Notes Smart Update Service

We have previously performed analysis of IBM Notes Smart Update Service, and found an interesting security vulnerability by means of DLL hijacking. Read more about our finding and the responsible disclosure thereof here: