Skip to content

Responsible Disclosure Policy

As a leading solution provider of a cybersecurity platform for SAP customers, the protection of our customers and partners is our highest goal. We use modern tools and processes to test our solutions for defects in the best possible way. Defined quality gates have been established to ensure that program errors that could lead to a vulnerability are detected early in the development process. Likewise, we undergo a separate testing protocol for each package that leaves our premises, which also highlights security aspects.

Updated and Effective: Feb 9th, 2021

Data security is a top priority for NCMI GmbH // SecurityBridge, and we believe that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in Issuer Direct’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy:

  • If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at We will acknowledge your email within 4 hours.
  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within 24 hours of disclosure.
  • Make a good faith effort to avoid violating the privacy, destroying data, or interrupting or degrading the Issuer Direct service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

Research Policy:

While researching, we’d like you to refrain from:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Issuer Direct employees or contractors
  • Any attacks against SecurityBridge’s physical property or data centers.

Thank you for helping to keep SecurityBridge Direct and our Customers safe!

Latest Resources

5 Steps for Kick-starting Holistic SAP Security in 1 Day

SAP Security teams can kick-start a comprehensive security platform and gain significant improvements already within a day. What they need is a holistic platform and a guided approach to SAP Security.

SAP Vulnerability Management vs SAP Patch Management

This article explores the differences between the 2 processes and how they can help bolster the security of SAP systems.

Sales & Partner Manager – APAC Market (Singapore)

We are expanding our operation in the APAC region and are looking for an experienced Sales & Partner Manager to join our team in Singapore. The ideal candidate will have at least 5 years of experience in sales, with a focus on software sales, SAP security, or cybersecurity.

Pre-Sales Consultant – APAC Singapore

As a Pre-Sales Consultant at SecurityBridge, you will be instrumental in our rapid expansion within the APAC region. You will directly contribute to the growth of our innovative SAP security solution, SecurityBridge.

SAP Security Patch Day – April 2024

For April 2024, 10 new Security Notes have been released and 2 have been updated. What stands out is that there are no ‘Hot News’ notes in this release. But let that not be a reason to ‘lower your guard’! We explore some interesting highlights below.

The ‘Rapid Reset Attack’ – an SAP perspective

Recently, we have seen the release of several SAP Security notes that address the so-called ‘Rapid Reset Attack’ vulnerability. In this blog, we will zoom in on this vulnerability, look at how it affects SAP systems, and what counter measures can be taken.