# Security

At **IRS Systementwicklung GmbH** we embed **Security by Design** principles throughout the entire product lifecycle. This means security is integrated from the earliest stages of development to ensure compliance with the **Cyber Resilience Act (CRA)** and to protect our customers against evolving threats.

### Our Approach to Security by Design

* **Secure Development Lifecycle:** We apply secure coding practices, code reviews, and automated security testing.
* **Risk-Based Architecture:** Threat modeling and hardening measures are part of every design phase.
* **Continuous Monitoring:** We track vulnerabilities and apply timely patches to maintain resilience.

### How to Report a Vulnerability

If you discover a potential security issue in our products or services, please report it to:

**Email:** <security@irs.systems>

When reporting, include:

* A clear description of the vulnerability
* Steps to reproduce
* Impact and affected components
* Optional: logs, screenshots, or proof-of-concept

## Patch Management

We follow a structured patch management process to ensure timely remediation of vulnerabilities:

1. **Identification:** Vulnerabilities are detected through internal testing, external reports, and automated scans.
2. **Assessment:** Each finding is analyzed for severity, impact, and exploitability.
3. **Prioritization:** Critical and high-risk issues are addressed immediately; others follow scheduled patch cycles.
4. **Remediation:** Fixes are developed, tested, and deployed with minimal disruption.
5. **Verification:** Post-patch validation ensures the vulnerability is fully resolved.
6. **Transparency:** We publish CVE details and patch timelines here for compliance and trust.

### Patch Timeline

| ID (CVE) | Description | Severity | Identified On | Patched On |
| -------- | ----------- | -------- | ------------- | ---------- |
|          |             |          |               |            |

#### Notes:

* **Severity** is based on CVSS scoring and internal risk assessment.
* We aim to patch **Critical** vulnerabilities within 7 days and **High** within 30 days.
* Patched installers and updated drivers for all resolved vulnerabilities are available on our download page.

<p align="center"><a href="https://downloads.irs.systems/" class="button primary" data-icon="square-down">Downloads</a></p>


