Raynet Vulnerability Disclosure Policy: Guidelines for Reporting Security Issues
At Raynet, we are committed to protecting our customers’ data and maintaining the highest security standards for our enterprise software solutions. We value the security research community and welcome responsible disclosure of potential vulnerabilities in our systems and products.
This policy provides clear guidelines for security researchers and penetration testers on how to report vulnerabilities to us in a responsible manner.
We Value Security Research
Security researchers and penetration testers play a crucial role in keeping our customers safe. We appreciate your efforts to help us identify and resolve security issues, and we want to make it as easy as possible for you to reach the right people at Raynet.
Scope: What is Covered
This vulnerability disclosure policy applies to the following Raynet systems and services:
Raynet One platform
Raynet Products
- All Raynet One platform components and interfaces:
- Raynet One: Technology Catalog
- RayVentory (Asset Management)
- RayManageSoft (Unified Endpoint Management)
- RayPack Studio (Application Packaging)
- RayFlow (Workflow Management)
- RaySAMi (Software Asset Management)
- RayQC (Quality Control)
- RayEval (Evaluation Tools)
Web Properties
- Our website and all subdomains
- Any internet-facing Raynet services that are hosted by us
Important: Any system not explicitly listed above is outside the scope of this policy. If you are unsure whether a system is in scope, please contact us at cert@raynet.de before beginning your research.
How to Report a Vulnerability
Primary Contact
Email: cert@raynet.de
This email goes directly to our security team and bypasses general IT support to ensure your report reaches the right people immediately.
What to Include in Your Report
To help us understand and address the issue quickly, please include:
Vulnerability Description
- Clear description of the vulnerability
- Potential impact and risk level
- Affected system(s) or product(s)
Reproduction Steps
- Detailed steps to reproduce the issue
- Proof of concept (if applicable)
- Screenshots or evidence
Your Contact Information (optional but recommended)
- Name or handle
- Email address for follow-up
- Preferred communication method
Timeline Expectations
- Any disclosure deadlines you are working with
What You Can Expect From Us
When you report a vulnerability to Raynet:
Rapid Response: We will acknowledge your report within 1 business day.
Regular Updates: We will provide status updates every 7 business days until resolution.
Direct Communication: You will work directly with our technical security team.
Transparency: We will keep you informed about our remediation timeline and any challenges we encounter, including the status of our CVE reporting.
Recognition: With your permission, we will acknowledge your contribution during the CVE disclosure process.
Good Faith Research Protection
If you conduct security research in good faith and follow this policy:
- We consider your research authorized
- We will not pursue legal action against you
- We will work collaboratively with you to resolve issues
Research Guidelines
Authorized Activities
- Vulnerability scanning and testing within scope
- Proof of concept development (non-destructive)
Prohibited Activities
- Denial of Service (DoS/DDoS) attacks
- Data destruction or manipulation
- Privacy violations or data exfiltration
- Accessing customer data or systems
- Disrupting production services
- Spam or high-volume automated testing
- Social engineering against Raynet employees (without prior approval)
- Physical security testing (without prior coordination)
Responsible Disclosure Timeline
We request 90 days from initial report to public disclosure to allow adequate time for:
- Investigation and verification
- Development and testing of fixes
- Coordination with customers for updates
- Security advisory preparation
Questions About This Process
If you have questions about this policy or experience any issues reaching our security team, contact:
Email: cert@raynet.de
Raynet GmbH
Technologiepark 22
33100 Paderborn, Germany
This policy was last updated: March 1st, 2026
Next review date: March 1st, 2027