Responsible Disclosure Policy

As a leading solution provider of a cybersecurity platform for SAP customers, the protection of our customers and partners is our highest goal. We use modern tools and processes to test our solutions for defects in the best possible way. Defined quality gates have been established to ensure that program errors that could lead to a vulnerability are detected early in the development process. Likewise, we undergo a separate testing protocol for each package that leaves our premises, which also highlights security aspects.

Updated and Effective: Feb 9th, 2021

Data security is a top priority for NCMI GmbH // SecurityBridge, and we believe that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in Issuer Direct’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy:

  • If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at support@securitybridge.com. We will acknowledge your email within 4 hours.
  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within 24 hours of disclosure.
  • Make a good faith effort to avoid violating the privacy, destroying data, or interrupting or degrading the Issuer Direct service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

Research Policy:

While researching, we’d like you to refrain from:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Issuer Direct employees or contractors
  • Any attacks against NCMI’s physical property or data centers.

Thank you for helping to keep SecurityBridge Direct and our Customers safe!

Latest Resources

A Day in the life of a SecurityBridge Senior Product Developer

Here at SecurityBridge, we are extremely lucky to have a team full of amazing professionals. Thanks to our team, we have achieved extraordinary things in the past couple of years. With that in mind, we thought it was time for us to start introducing you to the team that drives everything behind the scenes. And we couldn't have chosen a better example to start with than our very own, Harish Dahima! Read on and learn all about Harish's life as a Senior Product Developer, his role, and life at SecurityBridge.

Top 5 security concerns for the SAP Cloud Connector

Every organization constantly faces the challenge of minimizing the attack surface that an adversary could use to perform malicious operations. To do this, administrators must install the deployed components and understand them in detail to identify risks and proactively mitigate or prevent those. Today we are looking at what is necessary to protect the SAP Cloud Connector.

Why we do our #CrossTheBridge cycling event

It was John F. Kennedy who once said: “nothing compares to the simple pleasure of a bike ride”. And what a pleasure it has been! We had our annual bike ride with friends from Accenture, Deloitte, CGI, McCoy, Thales, KPN, Hunt &Hacket, and security leaders from major customers. We had a lot of opportunities for exchange in the cozy atmosphere among like-minded people who all love road cycling and have SAP Security improvement in mind.

SecurityBridge at the DSAG Annual Congress 2022: How to protect SAP systems during these times

Together with its partner, Fortinet, the SAP Security specialist company will present how to close the gap between SAP and network security in Leipzig.

How to use the SAP Expert Search to find the SAP Patch Day Notes

After many years in the SAP eco-system, I know many good and bad practices exist in the IT Departments of – to be frank – every organization on this planet. Initiated by the SAP Security Patch Day in September 2022, our team has nudged me to share some knowledge. In this short how-to description, we want to explain the correct usage of the SAP Launchpad Expert Search to get the most accurate result looking for SAP Security Notes. If you want to find out how this powerful tool works, keep on reading.

SecurityBridge Integrates Its SAP Security Platform With Microsoft Sentinel And Announces It
Has Joined The Microsoft Intelligent Security Association (MISA)

SAP security provider SecurityBridge—now operating in the U.S.—today announced the full integration of its SAP Security Platform with the Microsoft Sentinel cloud-native Security Information and Event Manager (SIEM) platform and its membership to MISA. SecurityBridge was nominated to MISA because of the integration of its SAP Controller to the Microsoft Sentinel dashboard. SecurityBridge is a Smart Data Adapter that significantly simplifies security monitoring of critical and highly specific business applications.