Responsible Disclosure
The security of our IT services is a major concern for us. We are constantly working to protect our services and data in the best possible way. The view from the outside is a great help.
We would be grateful if you, a security researcher, would inform us if you discover a vulnerability.
Please note the following terms and conditions:
Act responsibly: With great power comes great responsibility.
The goal is to show possible attack vectors, not to cause damage. Use a discovered vulnerability for illustrative purposes only.
Never delete or modify data and avoid failures (e.g. DoS).
Treat collected information confidentially.
Provide us with sufficient information about your discovery. Usually a URL or IP address of the affected system with a short description of the vulnerability should be enough.
In any case, the following actions are not covered by Responsible Disclosure:
Spam & Phishing
Social Engineering
DDoS attacks
Attacks on physical security
With your report of vulnerabilities, you help us a lot. Comply with the above-mentioned terms and conditions and act responsibly. You can contact us anonymously and encrypted by email.
Contact details
Email: disclosure@wu.ac.at
PGP key fingerprint: C74A 7EFF C99C A19B 5CBE 1E13 8CF7 F882 C327 1E69
We thank you for your support in keeping our services and data as secure as possible.