Who we are & Disclaimer

curesec GmbH is a company of dedicated IT Security experts that offers comprehensive, professional advice and education in the IT security field. We examine, amongst others, online shops, applications, external devices and IT networks.

Our public security research focuses on open-source projects but is not limited to them. Our advisories are created of our own accord. We do not receive payment for them unless specifically noted otherwise. We do this research because we firmly believe in the idea of open-source software and we want to do our part by improving and securing it.

When we discover a vulnerability, we take all reasonable measures to contact the vendor. We strongly prefer responsible disclosure in cooperation with the vendor if at all possible and we keep to all arrangements made with vendors. We will use full disclosure if a vendor does not reply or if the vendor does not fix the vulnerabilities in the agreed-upon time frame. We will generally postpone our disclosure date by a reasonable amount if asked.

Our contact with vendors and our advisories should not be misconstrued as advertisement for our services or products. We do not expect and will not accept payment for reported vulnerabilities.

The information and code in our advisories is provided "as-is" without any warranty. We do not guarantee its correctness and will not be liable for any damage it may cause.

For questions about our advisories or our disclosure process please contact us at E-mail of Curesec Research Team, for other inquiries please refer to General Curesec e-mail