BASF investigates all reports of security vulnerabilities affecting BASF web presence. If you are a security researcher and believe you have found a security vulnerability, please send an e-mail to us at BASF Responsible Disclosure.To encrypt your transmission with our PGP key, please follow the instructions on the BASF Secure Mail site here. To help with secure communication we also have the option to communicate securely here after you have registered.
If your vulnerability report is valid and you would like to be recognized for your contribution, we will gladly add you to our “Heroes of BASF” list, by name or anonymously. We will only add you to our “Heroes of BASF” list, if this is explicitly requested by you. Some reports are also eligible for swag. If your report is eligible, we would also like to send you a little something as a thank you—include your preferred shirt style, size, and mailing address in your report.
The following researchers have helped us identify and fix vulnerabilities. Thanks to all!
Please note: In sharing information with us, you agree that the information will be considered as non-proprietary and non-confidential and that we are allowed to use the information in any manner, in whole or in part, without any restriction. Sharing information with us does not constitute any rights for you or any obligation for us.
Please do not share any personal information with us. Any personal information shared with us will be processed and used in accordance with the applicable data protection regulation; however, BASF will not store any personal information about you unless you provide them to us. By requesting to be added to our “Heroes of BASF” list, you explicitly consent in the publication, use and processing of your name.