von.caron.de

my life is a struggle


Responsible Disclosure Policy

Purpose

At von.caron.de, we take the security of our systems seriously. We aim to provide a secure and trustworthy experience for all users. We greatly appreciate reports of potential vulnerabilities from security researchers and the broader community.

How to Report a Vulnerability

If you believe you have discovered a security vulnerability in any of our systems, services, or domains, please contact us via:

joachim@von.caron.de

Encrypted communication is supported via S/MIME (see below).

To help us triage and resolve the issue as quickly as possible, please include:
  • A clear and concise description of the issue,
  • Steps to reproduce the vulnerability,
  • Any relevant technical information or proof of concept (PoC) code.

Encrypted Communication (S/MIME)

We support S/MIME encryption for secure email communication. If your email client supports S/MIME, encrypted messages will be sent automatically using our public certificate.

Download our S/MIME certificate for joachim@von.caron.de

We currently do not support PGP/GPG.

What We Ask of You

Please:
  • Avoid testing in a way that could impact the availability or integrity of our services (e.g., DoS attacks or spam),
  • Do not access, modify, or delete any user data,
  • Do not use automated scanning tools on production systems,
  • Refrain from publicly disclosing the issue before we’ve had a chance to investigate and resolve it (Coordinated Disclosure).

What You Can Expect From Us

  • We will acknowledge your report within 5 business days.
  • We will work with you to understand and resolve the issue.
  • We will keep you updated throughout the process.
  • We will not pursue legal action against you if you act in good faith and follow this policy.
  • If you wish, we will credit you publicly on our Hall of Fame page once the issue is resolved.

Scope

This policy applies to:
  • irq.de and its subdomains,
  • Public-facing services and APIs owned by irq.de,
  • Web applications that we operate directly.

Out of scope:
  • Services operated by third parties,
  • Social engineering or phishing attacks against our staff or users.

Changes

This policy may be updated occasionally.
Last updated: March 27, 2025

Thank You

We sincerely thank all individuals who help us improve the security and integrity of our systems. Your efforts help make the internet safer for everyone.