Contact: mailto:security@karlstorz.com
Policy: https://www.karlstorz.com/security
Expires: 2026-01-31T18:29:00.000Z
Preferred-Languages: en, de
Encryption: https://cryptshare.karlstorz.com/
Canonical: https://www.karlstorz.com/.well-known/security.txt
Hiring: https://career.karlstorz.com


# IMPORTANT NOTICE:
#
# 1. PRIVATE BUG BOUNTY PROGRAM
#    Our bug bounty program is currently invitation-only. Unauthorized
#    penetration testing or automated scanning without prior approval
#    is prohibited and may result in legal action.
#
# 2. PROGRAM ELIGIBILITY
#    Interested security researchers may apply for an invitation to our
#    program by using the contact information provided above. Please include
#    references and a brief description of your security research experience.
#
# 3. AUTHORIZED SCOPE
#    Only invited researchers will receive access to our detailed scope
#    document containing authorized targets and testing methodologies.
#
# 4. REWARDS
#    Rewards are determined based on vulnerability severity and impact.
#    Detailed reward information will be provided with program invitations.
#
# 5. COORDINATED DISCLOSURE
#    We follow a 90-day disclosure timeline. Researchers are expected to
#    keep vulnerabilities confidential until a fix has been implemented
#    and sufficient time has passed for deployment.
#
# 6. REPORTING REQUIREMENTS
#    All vulnerability reports must include:
#    - Detailed description of the vulnerability
#    - Step-by-step reproduction instructions
#    - Proof of concept (if applicable)
#    - Potential impact assessment
#
# For general security concerns or vulnerability reports outside of our
# bug bounty program, please use the contact information provided above.