Guideline for reporting vulnerabilities
The City of Mainz is committed to the security of its IT infrastructure and strives to quickly identify and address vulnerabilities. We therefore thank all security researchers and independent experts for their help in identifying vulnerabilities and improving our security measures.
We do not operate a bug bounty program and do not offer financial rewards for reported vulnerabilities. Our focus is on the rapid and effective resolution of vulnerabilities in the interest of public safety.
We expect that the points listed below are adhered to so that your vulnerability report can be incorporated into our Coordinated Vulnerability Disclosure (CVD) process.
We
- We treat every reported vulnerability as confidential in accordance with legal requirements.
- We accept vulnerability reports via our email address cvdstadt.mainzde. Encrypted communication methods may be used upon agreement.
- We will not disclose your personal data to third parties without your express consent. You may also submit your report to us anonymously or under a pseudonym.
- We will not take any legal action against you as long as you have complied with this policy and its principles. This does not apply if recognizable criminal intent was or is being pursued.
- If desired, we will publish your name/alias and a reference of your choice on the acknowledgment webpage ("Hall of Fame"), provided that a significant vulnerability has been reported.
Please note the privacy policy if you have provided personal data in your report.
We expect that
- The identified vulnerability was not exploited maliciously. This means, among other things, that no damage was caused beyond what was necessary to demonstrate the reported vulnerability.
- No attacks (such as social engineering, spam, (distributed) DoS, or “brute force” attacks, etc.) were carried out against IT systems or infrastructure.
- No manipulation, compromise, or alteration of third-party systems or data was carried out.
- No tools for exploiting vulnerabilities were offered, e.g., on darknet markets, whether for a fee or free of charge, that third parties could use to commit criminal offenses.