Responsible disclosure of security vulnerabilities
Stromnetz Berlin pays much attention to the proper security of its information and communication systems. Despite these efforts, it is not possible to entirely exclude the existence of security vulnerabilities. Abusing a security vulnerability, or informing third parties about such a vulnerability which could lead to abuse, is illegal.
To prevent identified security vulnerabilities from being exploited by hackers, the Federal Office for Information Security (BSI) recommends adopting the principle of responsible disclosure. The use of this principle guarantees coordinated collaboration based on trust between the party that discovers the security vulnerability and the producer or service provider affected by it.
A natural or legal person who identifies a security vulnerabilities should proceed as follows under the principle of responsible disclosure:
- Report the security vulnerability to Stromnetz Berlin by filling out the online form below. Provide as much information about the security vulnerability as possible.
- The report is issued via the platform operated by our partner, ZeroCopter B.V., and can be completed anonymously.
- Do not exploit the security vulnerability, e.g. by using it to breach data, change the data of third parties or to deliberately disrupt the availability of the service provided.
- All activities relating to the discovery of the security vulnerability should be performed within the framework of the law.
- Do not inform any third parties about the security vulnerability. All communication regarding the security vulnerability will be coordinated by Stromnetz Berlin and our partner ZeroCopter B.V.
- If the above conditions are respected, Stromnetz Berlin will not take any legal steps against the party that reported the security loophole.
- In the event of a non-anonymous report, Stromnetz Berlin will inform the party that submitted the report of the steps it intends to take and the progress toward closing the security vulnerability.
- Depending on how critical the security vulnerability is and the quality of the report, Stromnetz Berlin may recognise the discovery of the security vulnerability.
Security, reliability and honesty are essential principles at Stromnetz Berlin. This applies both to the activities performed by Stromnetz Berlin as an energy company and distribution system operator, and to its role in society as a whole. Your contribution toward increasing this security and reliability would be greatly appreciated.
Report a security vulnerability
Stromnetz Berlin guarantees that no attempts will be made to identify an anonymous party reporting a security vulnerability, providing that the party has not used their knowledge of the vulnerability to exploit it and has not informed any third parties of its existence.
Form of ZeroCopter B. V. to report a security vulnerability.