For the city of Thun, Cybersecurity is a priority. We value the contributions of security researchers in creating a safer web for everyone.

Scope

All citizens, users, researchers, partners and any other individuals interacting with our web services are encouraged to report any vulnerabilities they identify in our systems.

Legal Safe Harbor

Actions that comply with the guidelines in this document will be interpreted as authorised access and we will not take legal actions against you. If criminal charges are initiated against you and you have fully complied with our guidelines, we will inform the relevant authorities, that your actions were conducted in accordance with our VDP.

What we expect from you / Guidelines

• Report all vulnerabilities in our systems promptly and exclusively to us.
• Do not exploit vulnerabilities any further than is necessary to prove their existence.
• Do not commit any social engineering, phishing, spamming or attempt to gain physical access.
• Do not endanger the availability of our systems (e.g. DoS/DDoS, Brute-Force, excessive scanning, etc.)
• Do not install any malware.
• Do not conduct privilege escalation.
• Do not use, dump, exfiltrate, misuse, share, manipulate or delete data on our systems.
• Do not share any information about vulnerabilities with third parties or make it public without our explicit written consent.

What you can expect from us

• A first response within a week
• A dialog about the vulnerability
• Updates on the timeline to fix the vulnerability
• Public recognition including the date, name and type of vulnerability

Contact Information

For all vulnerabilities concerning *.thun.ch: it-security@thun.ch

For vulnerability found on www.thun.ch, please also contact csirt@i-web.ch.

Preferred languages: de, en

Hall of Fame

The following individuals have responsibly submitted vulnerability reports to us. We are very thankful to their commitment towards a safer web for all.