Forgotten your password?

?
?

Resend confirmation link

Keinverzeichnis / meinVZ

VZ Security Pages: Reporting security gaps

Suggest to friends

Sicherheitslücken melden

Reporting security gaps

We have recognised that the best form of protection is to listen to the users in our platforms, our software developers, and other individuals with an interest in security. They offer great support and help to ensure that the internet in general, and our websites in particular, are ever more secure.

We’re human and humans make mistakes, which is why we can never completely prevent the emergence of security problems. To address this we’ve created a special security team and are working to ensure that responsible users adhere to the principles of Responsible Disclosure* and report any problems to us.

We are continually addressing verifiable security problems. With complex cases this may take a little while – we ask for your understanding.

If you have discovered a security gap or a weakness in one of our websites, please send an email to us at sec-alert[at]vz(dot)net. This should include:

  • the product name (e.g. meinVZ, message service, compose message)
  • a detailed description of the problem that allows us to locate it
  • your email address for confirmation, further questions, and our feedback. Anonymous reports are possible through https://privacybox.de/vzsecalert.msg.

If you prefer, you are able to secure your email communication through Public Key with the corresponding fingerprint.

If we all work together the internet will be safer for everyone – thank you in advance for your support!

Thank you from the VZ-networks to: Levon Kayan, Armin Razmdjou, Nils Jünemann, Florian Strankowski, Andreas Nolden, Christian Ziegenrücker, Marco Lux (loopb-ack GbR), Fabien Dombard (Loop-ack GbR), Pierre Pronchery (loop-ack GbR), Jean Pascal Pereira (secbiz.de), David Vieira-Kurz (Majorsecurity.net)


*Responsible Disclosure means: The provider is given the opportunity to fix the problem before it is made public. This allows the internet to clean itself internally, since it allows providers the opportunity to close security gaps before people with bad intentions find out about them.

back to overview