We consider the security of our systems very important. Despite our concern about the security of our systems, it may appear that there is a vulnerability or vulnerability. Hence, we use the Responsible Disclosure principle. If you've found a weak spot in one of our systems, we'd love to hear that. Then we can take action as soon as possible. We would like to work with you to better protect our customers and our systems.
WE ASK YOU:
- Send your findings to email@example.com. Encrypt your findings with our PGP key to prevent the information from falling into the wrong hands,
- Do not misuse the problem. For example, by downloading more data than necessary to detect the leak or to check, remove or modify third-party data,
- Do not share the problem with others until it is resolved and erase all confidential data obtained through the leak immediately after sealing the leak,
- No use of physical security attacks, social engineering, registered service denial, third-party spam, and
- Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address of the affected system URL and a vulnerability description are sufficient. Complexer vulnerabilities may require more.
WHAT WE BELIEVE:
We'll respond to your report within 3 days with our review of the notification and an expected date for a solution,
If you have met the above terms, we will not take any legal action regarding the notification,
We treat your report confidentially. We will not share your personal information with third parties without your consent. Of course, unless it is necessary to comply with a legal obligation. Reporting under a pseudonym is possible,
We will keep you posted on the progress of solving the issue,
In notification of the reported problem we will, if you wish, mention your name as the discoverer, and
As a thank you for your help, we offer a reward for any notification of an unknown security issue. The size of the reward determines us based on the severity of the leak and the quality of the notification with a minimum of € 50, - voucher.
We strive to resolve all issues as quickly as possible and we are happy to be involved in any publication about the issue after it has been resolved.
Thank you to Floor Terra from http://responsibledisclosure.nl/ for the Responsible Disclosure sample text.