We highly value the security and privacy. Despite all our effort and attention to the secretary of our systems, flaws can still occur. If you find a flaw in one of our systems, please do report it as quickly as possible, so we can take adequate measures. We would like to collaborate with you to provide the best software to our customers, and protect their data.
This is what we ask of you:
- Please report your findings to firstname.lastname@example.org. Please use our PGPkey to encrypt your information, and send it to us safely. Please do not take advantage of the problem by downloading more data than necessary for indicating the breach, nor to view, delete, or change data of third parties.
- Please do not discuss the problem with others, until it is solved. Also, we ask you to delete all prospective confidential data, you may have obtained because of the breach.
- Please do no take advantage of the breach by attacking physical security, social engineering, distributed denial of service, spam of applicaties of third parties.
- Please provide us with enough information so we can reproduce the problem and solve it swiftly. In most cases, the IP address or URL of the concerning system and a detailed description of the vulnerability are sufficient. In some cases, more information is required.
This is what we promise you:
- We will respond to your report within 3 days, with an estimation of the urgency and expected resolution date.
- If you have followed the requirements as mentioned above, we will not take any legal steps towards you or your organisation, regarding the reported issue.
- We will always handle your report with utmost discretion and carefulness - and we will not share your personal data with third parties, unless this is absolutely necessary for legal reasons. We can also use an alias.
- We will keep you informed about the progression of the resolution of the problem.
- In case desired, we can mention your name as the person who discovered the issue in communication regarding the issue.
- In order to thank you for helping us improve our system by reporting an unknown security issue, we love to offer you something in return. The size of the reward is determined by the significance of the breach and the quality of the report.
We try to solve all issues as quickly as possible and we will gladly be involved in case an issue is published externally.