Security
At IRS Systementwicklung GmbH we embed Security by Design principles throughout the entire product lifecycle. This means security is integrated from the earliest stages of development to ensure compliance with the Cyber Resilience Act (CRA) and to protect our customers against evolving threats.
Our Approach to Security by Design
Secure Development Lifecycle: We apply secure coding practices, code reviews, and automated security testing.
Risk-Based Architecture: Threat modeling and hardening measures are part of every design phase.
Continuous Monitoring: We track vulnerabilities and apply timely patches to maintain resilience.
How to Report a Vulnerability
If you discover a potential security issue in our products or services, please report it to:
Email: [email protected]
When reporting, include:
A clear description of the vulnerability
Steps to reproduce
Impact and affected components
Optional: logs, screenshots, or proof-of-concept
Patch Management
We follow a structured patch management process to ensure timely remediation of vulnerabilities:
Identification: Vulnerabilities are detected through internal testing, external reports, and automated scans.
Assessment: Each finding is analyzed for severity, impact, and exploitability.
Prioritization: Critical and high-risk issues are addressed immediately; others follow scheduled patch cycles.
Remediation: Fixes are developed, tested, and deployed with minimal disruption.
Verification: Post-patch validation ensures the vulnerability is fully resolved.
Transparency: We publish CVE details and patch timelines here for compliance and trust.
Patch Timeline
Notes:
Severity is based on CVSS scoring and internal risk assessment.
We aim to patch Critical vulnerabilities within 7 days and High within 30 days.
Patched installers and updated drivers for all resolved vulnerabilities are available on our download page.
Last updated
Was this helpful?