Responsible Disclosure

Taking the security of our systems seriously

At Springer Nature, we take the security of our systems seriously. However, no matter how much effort we put into system security, there can still be vulnerabilities. We value the security community and the disclosure of these vulnerabilities helps us ensure the security and privacy of our users.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.

_
Discovered a vulnerability?

Send us an email to cybersecurity (AT) springernature (DOT) com

_
Download PGP public key
(TXT, 6.14 KB)
_
Received a Phishing or Spoofed Email?

If you suspect that you have received a Phishing or Spoofed Email, please report this to us.

Please do the following:

If you believe you’ve found a security vulnerability in one of our products or platforms 

  1. Send it to us by emailing cybersecurity (AT) springernature (DOT) com
  2. Encrypt the information with our PGP public key. You can find help here to encrypt your message for Windows, Linux and Mac. Please don't forget to encrypt your attachments (if any).
  3. Provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. 

Complex vulnerabilities may need further explanation, in which case we will get in touch if we require more detail.

  • Description of the location and potential impact of the vulnerability.
  • The steps required to produce the vulnerability.
  • A description of any tool or script used in the process.
  • Screenshots of each step of the vulnerability.
  • Your hacker handle and link for recognition for our Hall of Fame.

Please do not:

  1. Take advantage of any vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
  2. Reveal the problem to others until it has been resolved.
  3. Use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.

What we promise:

  1. We will respond to your report within two business days with our evaluation of the report and an expected resolution date.
  2. We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
  3. We will keep you informed of the progress towards resolving the problem.
  4. If you have followed the instructions above, we will not take any legal action against you in regard to the report.
  5. You will be given credit (unless you state otherwise) in our Security Researcher Hall of Fame.

Out of scope

Any services hosted by 3rd party providers and services are excluded from scope.

Security Researcher Hall of Fame

Name of researcher

Hacker Alias

Links

Date Reported

Md. Nur A Alam Dipu

nuraalamdipu

https://twitter.com/Dipu1A

https://bugcrowd.com/nuraalamdipu​

19th February 2019 1443hrs

Sushmitha Katikitala

  

https://www.linkedin.com/in/sushmitha-katikitala-04815558/

26th April 2019 0816hrs

Lacroute Serge

  

https://twitter.com/fakessh

09th May 2019 0931hrs

Shivam Pravin Khambe

  

https://twitter.com/ShivaRa42316756
https://www.linkedin.com/in/shivam-khambe-9a982b180/

15th April 2019 1331hrs

Pethuraj M

  

https://www.pethuraj.in 
https://www.linkedin.com/in/pethu/

24th May 2019 1743hrs

Akshat Dubey

    https://www.linkedin.com/in/akshatexe/

13th June 2019 0953hrs

Sachin Gupta

   https://www.linkedin.com/in/sachin-gupta-cyber-expert-370a4718

16th July 2019 0652hrs

Aaditya Kumar Sharma

   https://www.linkedin.com/in/assassin1337/
https://twitter.com/Assass1nmarcos

29th May 2019 1331hrs

Vikas Srivastava, INDIA

 007vikaxh

https://www.linkedin.com/in/007vikaxh

26th June 2019 1249hrs

GwanYeong Kim

Karas

https://twitter.com/sec_karas

1st Aug 2019 0650hrs

Alex Gorshkov


https://www.linkedin.com/in/gorsh

15th Jan 2020 0943hrs

Hassan Ahmed

Xen Lee

https://www.facebook.com/profile.php?id=100004793059302

15 April 2019 0638hrs

Mukul Trivedi


https://www.linkedin.com/in/m0hn1sh
https://www.twitter.com/M0hn1sh

29th November 2019 1537hrs

Pardon Mukoy

  

https://www.linkedin.com/in/pardon-mukoyi-2964aa187/

24th May 2019 0319hrs

Sayli Ambure


https://twitter.com/sayli_ambure
https://in.linkedin.com/in/sayli-ambure-4209209b

25th June 2019 0652hrs

Subhamoy Guha

      https://www.linkedin.com/in/subhamoy-guha-220048119
https://www.facebook.com/profile.php?id=100006787482332

26th September 2019 1550hrs

Ehtesham Ul Haq, Pakistan

            

13th May 2019 1017hrs

Kenan Genç

Turkey

https://twitter.com/kenanngnc

7th October 2019 1230hrs

Halil Ahmad

  

https://twitter.com/Halilahmadd

30th September 2019 2144hrs

Umesh P Jore


https://www.linkedin.com/in/umesh-prakash-j-55015194/

30th May 2019 2015hrs

Paras Arora
(multiple reports)


https://www.linkedin.com/in/parasarora06

28th Feb 2020 1022hrs

Vaibhav Pareek

Eternity

https://www.linkedin.com/in/vaibhavvp

16th July 2019 0753hrs

Ayan Saha


https://www.linkedin.com/in/ayansaha23
https://twitter.com/Evils_Paradise

16th July 2019 0932hrs

Vasantha Kumar

   https://www.linkedin.com/in/vasanth-kumar-417a7a32/
https://www.infoziant.com

17th July 2019 0918hrs

Pritam Mukherjee  https://www.linkedin.com/in/pritam-mukherjee-urvil-b75ab9b9/3rd March 2020 1903hrs

    

Stay up to date

_
Follow us on Twitter

Here to foster information exchange with the library community

_
Connect on LinkedIn

Connect with us on LinkedIn and stay up to date with news and development.

small_youtube