Responsible Disclosure

Security is a shared responsibility.

If you have discovered a vulnerability in one of our products or services, we want to hear from you. This page explains how to report it and what to expect once you do.

Start interactive report Report via email

Two ways to report

Pick whichever channel suits you. Both reach the same security team.

Option 01

Interactive report

Submit structured details through a guided form: affected product, impact, reproduction steps, and attachments. Fastest path to triage.

Start interactive report
Option 02

Email

Prefer to send a free-form report? Email our security team directly.

Compose email

Scope

In scope

Production systems and applications operated by Behnke, including public websites and customer-facing APIs.

Out of scope

Third-party services, social engineering, physical security, volumetric denial-of-service testing, and automated scanner output without demonstrated impact.

What happens next

  1. Acknowledge

    We confirm receipt of your report within two business days.

  2. Triage

    We investigate the finding and assess its impact.

  3. Remediate

    We coordinate a fix with the responsible team and keep you updated on progress.

Disclosure guidelines

  • Do not access, modify, or delete data that does not belong to you.
  • Do not degrade the availability of our services.
  • Give us a reasonable amount of time to investigate and remediate before any public disclosure.
  • Follow all applicable laws.