Vulnerability Disclosure Policy

This policy outlines how to report security issues and what you can expect in terms of response and resolution timelines.

Contact Information

If you identify a potential security vulnerability in any of our products or services, please report it to us immediately via email at: [email protected]. Alternatively, you can use the form at the bottom of this page.

Our Commitment to You

We appreciate your responsible disclosure and will make every effort to address reported issues promptly. Below are the key timelines for our response process:

  • Acknowledgement of Receipt
    We will acknowledge your report as soon as possible, typically within five business days.
  • Status Updates
    After we confirm whether the vulnerability exists in our product, we will provide an update using the email address you provided.
  • Resolution Timeline
    Resolution timelines may vary depending on the complexity and severity of the vulnerability. However, we are committed to resolving validated issues as quickly as possible. Once resolved, we will notify you.

Guidelines for Reporting

To help us address the issue effectively, please include the following information in your report:

  • A clear and detailed description of the vulnerability.
  • Steps to reproduce the issue, including any relevant screenshots, logs, or proof of concept (PoC).
  • Your contact information for follow-up questions or clarifications.

Responsible Disclosure

We kindly request that you:

  • Refrain from disclosing the vulnerability publicly until we have confirmed and resolved the issue.
  • Avoid exploiting the vulnerability for any reason, including accessing data or systems without authorization.
We thank you for helping us maintain the security and integrity of our products and services.

* Required fields

Personal information

What do you want to report to us?

The text must be no more than 1000 characters.You have characters remaining.
Please upload any relevant screenshots, logs or other kind of documentation here.
I agree that BERNINA may process my personal data to the extent necessary to process and resolve the reported vulnerability. This also includes that BERNINA may contact me by email to clarify any queries. Information on data protection can be found in our privacy policy. I can revoke this declaration of consent at any time and at no cost.