When discovering a security problem / vulnerability in one of our systems, we request that the discoverer of this problem contact us. We appreciate the careful reporting of such vulnerabilities according to the conditions below and are happy to work together so that we can take measures as quickly as possible.
We ask you to adhere to the following conditions:
- Contact us via firstname.lastname@example.org.
- Use this PGP key to sign and protect your message!
- Do not abuse or share the problem with others until it is resolved;
- Erase any confidential data obtained immediately or at the latest after resolving the vulnerability.
Further processing takes place as follows:
- We will respond to the report as soon as possible, but no later than within 3 working days. If possible, we will provide our assessment and an expected date for resolution. We will keep you informed of the progress of solving the problem;
- We will get in touch with you to safely exchange necessary details. Usually the IP address or URL of the affected system and a description of the vulnerability will suffice, but more complex vulnerabilities may require more detailed information;
- When duplicate reports are received about a specific security issue, any reward will be awarded to the first person to report the security issue. We determine whether there is a double report and do not share substantive data about the reports concerned;
- We aim to resolve all issues as quickly as possible and are happy to be involved in any publication of the issue after it has been resolved;
- We treat your report confidentially and will not share your personal information with third parties without your permission unless this is necessary to comply with a legal obligation. In reporting the reported problem, we will list your name as ’the discoverer’ if you wish;
- If you have complied with the above conditions, we will not take legal action against you regarding the reported security problem.
As a thank you for your efforts and support, we offer a reward for every report of a security problem unknown to us. We determine the size of the reward.
Do you have any questions? Please feel free to contact us via: email@example.com or by phone: +31(0)85 303 8429.