Security Policy / Responsible Disclosure

We take the security of our Autodesk Inventor add-ins and our services seriously and welcome reports from security researchers and users.

How to report

Email [email protected] with:

• a description of the issue and the product/version affected,
• steps to reproduce (a proof-of-concept if available),
• the potential impact as you see it.

Please do not publicly disclose the issue until we have had a reasonable opportunity to address it.

Our commitment

• We acknowledge your report within 5 business days.
• We investigate and keep you informed of progress.
• We agree a coordinated disclosure timeline with you and credit you (if you wish) once a fix is available.

Scope

• Our add-ins for Autodesk Inventor (ADC, SMDC and related products).
• Our web services at bluemech.de (licensing endpoints).

Out of scope / safe harbour

• Do not run automated scans that degrade service, access other users’ data, or destroy data.
• Testing must stay within your own licence/trial and your own machine.
• Good-faith research conducted under this policy will not be pursued legally by us.

What we ask you not to do

• No social engineering, physical attacks, or denial-of-service.
• No accessing, modifying, or deleting data that is not yours.