Responsible Disclosure Statement

BASF investigates all reports of security vulnerabilities affecting BASF web presence. If you are a security researcher and believe you have found a security vulnerability, please send an e-mail to us at BASF Responsible Disclosure.

Our guidelines

  • Give us enough details to reproduce the vulnerability
  • Allow us a reasonable amount of time to fix the vulnerability before making any information public
  • Avoid data deletion, unauthorized data access, and service disruption while testing the vulnerability you found
  • Do not ask for compensation for your report
     

Our commitment

  • We will let you know when we received your report
  • We will give you an estimate of how long the fix will take
  • We will tell you when we have fixed the vulnerability
     

Our thanks

If your vulnerability report is valid and you would like to be recognized for your contribution, we will gladly add you to our “Heroes of BASF” list, by name or anonymously. We will only add you to our “Heroes of BASF” list, if this is explicitly requested by you.

 

Heroes of BASF

The following researchers have helped us identify and fix vulnerabilities. Thanks to all!

2024

Karthikeyan.C    LinkedIn

Prial Islam   https://pri.al

Ashish Rai

Everton (Hydd3n)   LinkedIn

Sahil Prashant Jadhav

Vrushali Tukaram Sadhana Pote    LinkedIn

Sagar Rawat    Twitter

Saumadip Mandal    Twitter

Aditya Singh    LinkedIn

Debasis Pradhan    LinkedIn

Nitya Nand Jha (Shunux)   LinkedIn

Varel Valensio   LinkedIn

Ashish Rai    LinkedIn

Vedavyasan S (ved4vyasan)

Shivang Maurya

Brijesh (Redhet) Twitter (X)

Ishwar Kumar

Ramim (nayeems3c)  Twitter (X)

Rabindra Man Bajracharya  Linkedin

Henav Doshi   Linkedin

Vikash Gupta   Linkedin

Jitendra Behera

Aurang Maheta  Linkedin

Rishyendra M.

Omkar Harishchandra Mirkute   Linkedin

Jitendra Behera   Linkedin

Kunal Rajendra Sonavane   Linkedin

Koresh Babu  LinkedIn

Sarvagn Pathak  LinkedIn

Mohd Ali (revengerali)  LinkedIn

Mukund Bhuva  LinkedIn

Abdelrahman Ibrahim Farg  LinkedIn

2023

2022

2021

2020

2019

2018

2017

Please note: In sharing information with us, you agree that the information will be considered as non-proprietary and non-confidential and that we are allowed to use the information in any manner, in whole or in part, without any restriction. Sharing information with us does not constitute any rights for you or any obligation for us.

Please do not share any personal information with us. Any personal information shared with us will be processed and used in accordance with the applicable data protection regulation; however, BASF will not store any personal information about you unless you provide them to us. By requesting to be added to our “Heroes of BASF” list, you explicitly consent in the publication, use and processing of your name.