Vulnerability Lab
With the Vulnerability Lab, SEC Consult operates its own internal security laboratory, in order to ensure an international know-how advantage over attackers in the areas of network and application security. In addition, this facility serves the support with high-quality penetration tests and with the evaluation of new technologies and is at the service of our customers. Thus, they receive the latest information about security gaps and valid statements about the risk profile of new technologies.
Our Vulnerability Lab follows a Responsible Disclosure Policy which aims to provide vendors with the necessary information and timeframe needed to validate and fix a security flaw in order to mutually coordinate the public release of a security advisory as part of our responsible disclosure process. This document also clarifies the extent and limitation of effort the SEC Consult Vulnerability Lab will invest. It can be found here.
Here you find all our studies and whitepapers.
You can reach our Vulnerability Lab through security-research(at)sec-consult.com. The PGP key with fingerprint F9A9D4AF3DC2D298835090252D2DD7B5C6EE883F can be downloaded here.
The SEC Consult Vulnerability Lab is also an official CNA (CVE Numbering Authority) and our scope for assigning CVE numbers is all vulnerabilities discovered in third-party hardware/software by the SEC Consult Vulnerability Lab, which are not in another CNA's scope.