The security teams at KEBA strongly believe that collaboration with the security community is vital to fulfill our mission statement "Technologies of KEBA help people to make the world of life and work easier". We are prepared to work in good faith with individual researchers, Cyber Emergency Response Teams (CERTs), customers and others who might discover and submit vulnerability reports on various KEBA products and infrastructure.
More information about our values and responsibilities, including the company policy, can be found at /values-responsibility
Vulnerability Disclosure Policy
The purpose of the KEBA vulnerability disclosure policy is to establish the rules for the review, evaluation, application, and verification of system updates to mitigate vulnerabilities in the IT-environment and the associated risks. Guidelines for reporting security vulnerabilities and data protection related issues are also part of this policy.
Our Vulnerability Dislcosure Policy is available on the KEBA website:
Our security.txt, following RFC 9116, is located at:
Fingerprint of security.txt PGP-Key: F9910975F2E04CBC6F3B8B2DAF8FADA137B3995D
Contact
| Name | E-Mail-Address | PGP-Key | PGP-Key-Fingerprint | Published to PGP global directory | Expires |
|---|---|---|---|---|---|
| KEBA Infrastructure Security (CSIRT) | | 6E96689A9E2409F102B5A80A0D5E649FB183EE8F | | 05.02.2026 | | |
| KEBA Product Security (PSIRT) | | F9910975F2E04CBC6F3B8B2DAF8FADA137B3995D | | 05.02.2026 | |
For anonymous reports, the KEBA whisteblowing platform (Integrity Line) can be used. Please note, that using the integrity line may lead to increased response times.
Thank you for your request.
Last modification: 05.06.2025
