Coordinated Vulnerability Disclosure
Organisations, governments and society’s dependence on digital infrastructure is increasing day by day. It is therefore our opinion that everyone should commit to securing the cyberspace. We do realise that, in spite of our best intentions and greatest care, vulnerabilities may exist in our systems and products. If you do happen to find a weakness, we would love to hear from you so we can resolve the issue.
We ask that you:
- Send your findings by using the form below;
- Do not reveal the problem to others until it has been resolved;
- Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible;
- Do not abuse the vulnerability; for example, by downloading, editing or deleting data. We will always take your report seriously and investigate any suspicions of a vulnerability, even without proof;
- Delete all confidential information you have obtained during your investigation as soon as we have resolved the vulnerability.
What you can expect from us:
- We will respond to your report within 2 business days with our evaluation of the report and an expected resolution date;
- We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission;
- We will keep you informed of the progress towards resolving the problem;
- In the public space we will give your name as the discoverer of the problem (unless you desire otherwise);
- If you have followed the instructions above, we will not take any legal action against you in regard to the report;
- As a token of our gratitude, we offer a reward for every report of a security problem that was not yet known to us. The amount of the reward will be determined based on the severity of the leak and the quality of the report.
We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.