Responsible Disclosure Policy

As a leading provider of a cybersecurity platform for SAP customers, we treat the protection of our customers and partners as our highest goal. We use modern tools and processes to test our solutions for defects in the best possible way. Defined quality gates have been established to ensure that program errors that could lead to a vulnerability are detected early in the development process. Likewise, each package that leaves our premises undergoes a separate testing protocol, which also highlights security aspects.

Updated and Effective: Feb 9th, 2021

Data security is a top priority for NCMI GmbH // SecurityBridge, and we believe that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in Issuer Direct’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy:

  • If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at support@securitybridge.com. We will acknowledge your email within 4 hours.
  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within 24 hours of disclosure.
  • Make a good-faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Issuer Direct service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

Research Policy:

While researching, we’d like you to refrain from:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Issuer Direct employees or contractors
  • Any attacks against NCMI’s physical property or data centers

Thank you for helping to keep SecurityBridge Direct and our Customers safe!
