Responsible Disclosure Policy
At TTTech Auto, we take cybersecurity seriously and we are committed to maintaining the security of our products and service offerings. We recognize the valuable role that the cybersecurity community plays in identifying vulnerabilities.
We encourage independent research and ethical hacking of our products. If you have found a vulnerability, we would appreciate it if you informed us in accordance with the guidelines provided below.
Scope for reporting
This policy only applies to products developed by TTTech Auto. If you find a security issue that is not related to our products, please report it to auto-security@tttech-auto.com.
How to notify us
To report product-related issues, contact us directly at psirt@tttech-auto.com. To ensure the confidentiality of the report, please use our PGP key to encrypt sensitive information.
In the report, consider including the following information:
- Your contact details (name and public PGP key).
- Detailed description of the vulnerability or weakness.
- Description of the attack steps to exploit the vulnerability, if applicable.
- A working proof of concept is welcome, but not required.
We will investigate legitimate reports and get back to you as soon as possible.
Responsible behavior
TTTech Auto will never take legal action against cybersecurity researchers or ethical hackers who act in good faith. When performing your research or vulnerability hunting, please make sure that:
- No private data is disclosed to third parties.
- Safety is never affected; if it is, the research activities should be stopped.
- If the research affects any specific individual, for example, a vehicle owner, make sure to contact them and obtain their permission before proceeding further.
- We are notified as soon as possible, especially if safety or privacy is affected.
TTTech Auto encourages responsible disclosure of the results and outcomes of cybersecurity research, such as articles, conference presentations and publications in printed and online media. You are welcome to publish your results once the vulnerability is fixed.