Information Security Reporting

The security of all assets and software products, are crucial for Porsche Informatik. We are committed to maintaining the highest standards of security to protect our clients, employees, and proprietary information. Therefor we are taking a considerable effort to developing and maintaining our assets software products to discover potential security vulnerabilities and reduce identified risks. Security reporting is crucial for our vulnerability discovery process and we welcome collaboration with individuals who report them to us. If you have any information about a vulnerability in any Porsche Holding asset and digital services or domains please inform us.

Reporting Security Vulnerabilities

We kindly request that you refrain from disclosing any vulnerabilities until we have had the opportunity to analyze them and, if necessary, implement appropriate measures.

Please send an email to security-report@porscheinformatik.com Use following certificate for encrypting your security report.

To encrypt, please use the certificate provided on this website. The corresponding CA certificates can be downloaded at the menu item "Volkswagen PKI CA Certificates" on https://certdist.volkswagen.de.

Security Reporting Guidelines

When reporting a vulnerability, please adhere to the following guidelines: Comply with applicable laws, regulations and other statutory provisions as well as with contractual provisions, including licensing or consent requirements. Do not harm anyone. Avoid impact on the privacy of third parties.

  • Time and date when the vulnerability was discovered
  • Detailed description of the vulnerability including any evidence or documentation of the issue (e.g., screenshots, logs) for us to reproduce the issue
  • Contact information for potential follow-ups.
  • Please use either German or English language for your report.

Confidentiality

Information about the reporting individual and the details of the report will only be shared with necessary personnel involved in the investigation and remediation unless legally obligated

Last Updated::
Contributors: Mario Ofner