Compass Security employees regularly identify 0day security weaknesses in products, either during customer projects or during their research time. We report such vulnerabilities to the respective vendors and believe in coordinated disclosure, as long as the vendor acts in its and our clients’ best interests and provides us with regular and constructive feedback. If any of these conditions are not met, Compass Security might opt for full disclosure as defined in our Vulnerability Disclosure Policy.




Compass Security Blog

Area41 2018 Wrap Up

Introduction Last Friday and Saturday (15./16. June 2018), the 6th edition of the security conference Area41 (formerly Hashdays, organized by DEFCON Switzerland... more

Compass at Area41 2018

We are at the Area 41 conference! This IT Security Conference is happening on the 15/16th of June in 2018 in Zürich. Compass Security supports this non-profit event as Platinum Sponsor. We’ll have a... more



Industrial Cyber Security Days 2018

IT-Security in industriellen Anlagen – sicher in die Zukunft starten! Read more

Swiss Cyber Storm 2018

Die internationale IT Security Konferenz findet heuer am Dienstag, 30. Oktober 2018 im Kursaal Bern statt. Read more



Vulnerability in Homeputer CL Studio for HomeMatic

Thierry Viaccoz identified an incorrectly designed access control in Homeputer CL Studio for HomeMatic. Read more

Vulnerability in Vert.x Framework

Lukasz D. identified an HTTP header injection vulnerability in Vert.x Framework. Read more

Vulnerabilities in ONELAN Content Management System

Stephan Sekula identified vulnerabilities in ONELAN Content Management System (CMS) Read more