We consider the security of our systems to be of the highest importance. Although we do our best to keep our systems secure, it is possible that there are still vulnerabilities present.
If you discover such a vulnerability, we ask you to immediately report it to us. This way we can take immediate action and work together to provide better protection for our customers and systems.
We ask you:
- To send an email about your findings to firstname.lastname@example.org. Encrypt your findings with our PGP key to prevent the information from falling into the wrong hands,
- Not to abuse the problem by, for example, downloading more data than necessary to demonstrate the leak or viewing, deleting or modifying data of third parties,
- Not to share the problem with others until it is resolved and to immediately delete all confidential information obtained through the leak,
- Not to use attacks on physical security, social engineering, distributed denial of service, spam or third-party applications,
- To provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but for more complex vulnerabilities, more may be needed.
What we promise:
- We will respond within 3 days to your report with our assessment of the report and an expected solution date,
- If you have adhered to the above conditions, we will not take any legal action against you regarding the report,
- We will treat your report confidentially and will not share your personal data with third parties without your permission, unless necessary to comply with a legal obligation. Reporting under a pseudonym is possible,
- We will keep you informed of the progress of resolving the problem, and
- In communications about the reported problem, if you wish, we will mention your name as the discoverer.
We aim to resolve all issues as quickly as possible and we would be pleased to be involved in any publication about the issue once it is resolved.
Our responsible disclosure policy is based on responsibledisclosure.nl by Floor Terra, published under the Creative Commons Attribution 3.0 license.