-
Food, feed & confectioneryAdvanced materials
Information, data and its supporting processes, information systems and networks are vital to the business of Bühler and our customers and other business partners. The preservation of confidentiality, integrity and availability of valuable information is a major aspect to value the trust our customers and business partners place in us. If you found security issues or vulnerabilities, we would be very happy if you report them to us. The following document describes the framework on how such reporting and responsible disclosure is defined for Bühler.
The Bühler Information Security team is the point of contact for such reports and can be reached at security[at]buhlergroup.com.
When reporting security weaknesses please include the following elements:
To encourage responsible disclosure, we ask all researchers to comply with the following general guidelines:
If you follow these guidelines we commit to:
Any issue that affects the confidentiality or integrity of information in a comprehensible way (end to end) is likely to be in-scope. Examples are:
The following are considered out of scope and will not be rewarded:
The following people have reported valid security issues and helped us make Bühler more secure.
Credits |
Date |
Description |
---|---|---|
Athbi |
January 2023 |
Reported two authentication/authorization issues on API endpoints of a web application. |
January 2023 |
Reported a vulnerable component in a service of a third party provider. |
|
November 2022 |
Reported a valid vulnerability in a web application. |
|
October 2022 |
Performed and reported subdomain takeover on two subdomains |
|
September 2022 |
Reported several valid vulnerabilities in a web application |
|
May 2022 |
Reported a valid vulnerability in a web application. |
|
January 2022 |
Reported a valid vulnerability in a web application. |
|
January 2022 |
Reported a valid vulnerability in a web application. |
|
October 2021 |
Reported a vulnerable, outdated component in a web application. |
|
Yunus Yildirim |
October 2021 |
Reported a valid vulnerability in a web application. |
Mohammed Eldawody |
August 2021 |
Reported four valid findings with well documented explanations. |
We use cookies to make our website more user-friendly and to continuously improve your web experience. While some of the cookies may be strictly necessary for your usage of the website and its features, others help us to improve your online experience. You can accept all cookies by clicking "I accept" or reject all but the strictly necessary cookies by clicking on "Accept only strictly necessary cookies". To find further information about what cookies we use and how to manage them, please consult our Cookie Policy.