Security of services and data is one of the top priorities of the State Printing Works of Securities. If you believe you have discovered a possible vulnerability in any of our services, unprotected data or other security issue, please report it to us.
We ask that you do not disclose vulnerabilities and follow this policy.
Policy for Responsible Reporting of Security Vulnerabilities:
- Discovered vulnerability report to vulnerability@stc.cz.
- Include of reporting the vulnerability will be a detailed proof of concept allowing reproduction and verification of the reported vulnerability.
- Information Vulnerability information will not be disclosed or provided to third parties without prior consent of the State Printing Works of Securities.
- At verification of the vulnerability, you will do everything possible to prevent property damage or non-pecuniary damage, violation of privacy or unavailability or impairment of the provision of our services.
- You will not exploit vulnerabilities to access data that you are not authorized to access
- Brute-force techniques or social engineering methods will not be used to access our systems
Policy for evaluating reported security vulnerabilities:
Your submission should be acknowledged within 72 hours. We will analyze and confirm the reported security issue and will typically contact you within 5 business days. Confirmed security vulnerabilities will then be addressed according to their severity and we will inform you of the planned date for remediation of the vulnerability. We ask that you maintain confidentiality throughout the resolution of the reported vulnerability.