The Bundeswehr wrote on its website that it attaches great importance to the security of its IT systems. Despite careful implementation, configuration and testing, weak points may still exist. The Bundeswehr has now officially introduced a new Responsible Disclosure Program for reporting security vulnerabilities. This means that security researchers can use the contact form to get in touch with the Bundeswehr about a security problem, or send their findings by email to [email protected]
Subject to rules
Security researchers have been invited to probe the IT systems and web applications of the Bundeswehr in accordance with its new VDPBw policy. The German Federal Armed Forces published a clear set of rules that resemble those of already known bug bounty and responsible disclosure programs. The active and legally binding rules are intended to protect both researchers and the German Armed Forces when security vulnerabilities are submitted. The Bundeswehr promises to close reported vulnerabilities as soon as possible.
Examples that qualify for the program:
– Cross-Site Request Forgery (CSRF)
– Cross-Site Scripting (XSS)
– Insecure Direct Object Reference
– Remote Code Execution (RCE)
– Injection Flaws
– Information Leakage and Improper Error Handling
– Unauthorized access to properties or accounts