The safety and security of our customer's data, and the reliability of our products and services, are of utmost importance to Meister. Therefore, we aim to design and make products and services with the highest levels of security and reliability. Despite our best efforts, due to the highly complex and sophisticated nature of our products and services, vulnerabilities and errors may still be present in our products and services.

Vulnerability Disclosure Policy Meister

This policy describes Meister’s approach to requesting and receiving reports related to potential vulnerabilities and errors in its products and services from those that interact with such products and services.

Customers, users, researchers, partners and any other person that interacts with Meister’s products and services are encouraged to report identified vulnerabilities and errors with such products and services.

Where to report

The preferred method for contacting Meister regarding such vulnerabilities and errors is by using the form present on this page.

Meister highly appreciates the efforts made by the reporting party in identifying the vulnerability or error. Reporting of such vulnerabilities and errors will contribute to improving the security and reliability of our product and services.

Your Contact information

Please note that supplying your contact information with your report is entirely voluntary and at your discretion. Meister will make use of all reports that are submitted; both those submitted anonymously and those with contact information. If you do submit your contact information, Meister will only use such information to get in touch with you regarding clarifying the details of your report, if that is necessary.

Usage of your report

By making a report to Meister using the form on this page, or otherwise communicating a report to Meister, regarding vulnerabilities and errors, you agree to the following terms:

Meister may use your report for any purpose deemed relevant by Meister, including without limitation, for the purpose of correcting any vulnerabilities and errors that are reported and that Meister deems to exist and to require correction. To the extent that you propose any changes and/or improvements to a Meister product or service in your report, you assign to Meister all use and ownership rights to such proposals.

RULES FOR REPORTING

You confirm to Meister that:

• You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to Meister), the discovered vulnerabilities and/or errors;
• You have not engaged, and will not engage, in testing/research of systems with the intention of harming Meister, its customers, employees, partners or suppliers;
• You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered. If you accidentally access any personal or company data without authorization, you promptly cease any activity that may result in further data access or data processing and notify MeisterLabs without delay. You also delete this data from your systems at once;
• You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks;
• You have not tested, and will not test, the physical security of any property, building, plant or factory of Meister;
• You have not breached, and will not breach, any applicable laws (including but not limited to German and European law and any laws applicable in your own country of origin) in connection with your report and your interaction with Meister product or service that leads to your report.
• You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that vulnerabilities and/or errors have been reported to Meister.
• Meister does not guarantee that you will receive any response from Meister related to your report. Meister will only contact you regarding your report if Meister deems it necessary.
• You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such reports, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by Meister. Meister explicitly does not grant any reward.