Responsible Disclosure

Taking the security of our systems seriously

At Springer Nature, we take the security of our systems seriously. However, no matter how much effort we put into system security, there can still be vulnerabilities. We value the security community, and the disclosure of these vulnerabilities helps us ensure the security and privacy of our users.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.

Discovered a vulnerability?

Send us an email

Download PGP public key (TXT, 6.14 KB)

Please do the following:

If you believe you’ve found a security vulnerability in one of our products or platforms:

  1. Send it to us by emailing cybersecurity (AT) springernature (DOT) com
  2. Encrypt the information with our PGP public key.
  3. Provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. 

Complex vulnerabilities may need further explanation, in which case we will get in touch if we require more detail.

  • Description of the location and potential impact of the vulnerability.
  • The steps required to produce the vulnerability.
  • A description of any tool or script used in the process.
  • Screenshots of each step of the vulnerability.
  • Your hacker handle and link for recognition for our Hall of Fame.

Please do not:

  1. Take advantage of any vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
  2. Reveal the problem to others until it has been resolved.
  3. Use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.

What we promise:

  1. We will respond to your report within two business days with our evaluation of the report and an expected resolution date.
  2. We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
  3. We will keep you informed of the progress towards resolving the problem.
  4. If you have followed the instructions above, we will not take any legal action against you in regard to the report.
  5. You will be given credit (unless you state otherwise) in our Security Researcher Hall of Fame.

Out of scope

Any services hosted by third-party providers and services are excluded from scope.

Security Researcher Hall of Fame

| Name of researcher | Hacker Alias | Links | Description | Date Reported | Time To Fix |
|---|---|---|---|---|---|
| Md. Nur A Alam Dipu | nuraalamdipu | https://twitter.com/Dipu1A https://bugcrowd.com/nuraalamdipu | XSS on nature.com | 19th February 2019 1443hrs | 1 hour |
| Sushmitha Katikitala | | https://www.linkedin.com/in/sushmitha-katikitala-04815558/ | | 26th April 2019 0816hrs | |
| Lacroute Serge | | https://twitter.com/fakessh | | 09th May 2019 0931hrs | |
| Shivam Pravin Khambe | | https://twitter.com/ShivaRa42316756 https://www.linkedin.com/in/shivam-khambe-9a982b180/ | | 15th April 2019 1331hrs | |
| Pethuraj M | | https://www.pethuraj.in https://www.linkedin.com/in/pethu/ | | 24th May 2019 1743hrs | |
| Akshat Dubey | | https://www.linkedin.com/in/akshatexe/ | | 13th June 2019 0953hrs | |
| Sachin Gupta | | https://www.linkedin.com/in/sachin-gupta-cyber-expert-370a4718 | | 16th July 2019 0652hrs | |
| Aaditya Kumar Sharma | | https://www.linkedin.com/in/assassin1337/ https://twitter.com/Assass1nmarcos | | 29th May 2019 1331hrs | |
| Vikas Srivastava, INDIA | 007vikaxh | https://www.linkedin.com/in/007vikaxh | | 26th June 2019 1249hrs | |

