Found a bug? Responsible Vulnerability Disclosure
At Covestro, we take the security of our products, systems, and services very seriously. We welcome the responsible disclosure of security vulnerabilities by third parties and work closely with the security community to minimize risks.
How to Report a Vulnerability
If you have discovered a potential security vulnerability in a Covestro product, system, or service, we ask that you report it in accordance with the following guidelines:
- Send your report to mailto:cert[at]covestro[.]com.
- Focus on real vulnerabilities (no trivial XSS)
- Describe the vulnerability in as much detail as possible.
- Indicate which products, systems, or services are affected.
- Explain the impact and potential risks.
- Share all relevant technical details.
- Keep the information confidential.
We will promptly review your report. After confirming the vulnerability, we will work diligently on a solution and notify you as soon as a patch or update is available.
Thank you for your contribution to the continuous improvement of security at Covestro.