placeB (Vulnerability Disclosure Program)
placeB AG is committed to ensuring the security of their users by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities.
placeB provides self-storage facilities at over 25 locations in Switzerland. The process from booking to physical access to the storage room is fully digitalised: the customer books his storage box online, downloads an app on his smartphone and uses it to open all the doors to his personal storage box. placeB's IT infrastructure includes an IoT solution which manages all remote self-storage centres and controls access to the storage units.
Not in scope: All (sub) domains and services that are not explicitly listed, are not in scope
Website with booking, checkout and payment process. Friendly hackers are allowed to create new users or book a storage room for testing (in compliance with the rules of section "Rules - Creating users and booking a storage room")
Backend server (in compliance with the rules of section "Rules - Physical Part")
IOT Gateway Server
- Android App
Android App to manage bookings, account and accessing the storage room. Google Play Store
- iOS App
iOS App to manage bookings, account and accessing the storage room. App Store
placeB AG gives their approval for security researchers to use hacking methods based on the specified briefing. Due to this consent, the criminal liability criterion of unauthorized obtaining/unauthorized use and thus the criminal liability of the security researchers with regard to the criminal offenses in Art. 143 Swiss Criminal Code (Unauthorised obtaining of data) and Art. 143bis Swiss Criminal Code (Unauthorised access to a data processing system) does not apply.