Have you found a vulnerability?
If so, we kindly ask you to report it through a Responsible Disclosure report or Coordinated Vulnerability Disclosure (CVD) report, so that we can take measures as quickly as possible. We would like to work together with you to further improve the protection of our customers and our systems.
What we ask
- Send your findings by email to security@infracom.nl;
- Do not misuse the issue, for example by downloading more data than necessary to demonstrate the vulnerability or by viewing, deleting, or modifying data belonging to others;
- Do not share the problem with others until it has been resolved, and delete any confidential information obtained through the vulnerability immediately after it has been fixed;
- Do not use attacks on physical security, social engineering, distributed denial of service (DDoS), spam, or third-party applications;
- Provide sufficient information to reproduce the problem, so we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but for more complex vulnerabilities, additional information may be required.
What we promise
- We will respond to your report within 3 business days with our assessment and an expected resolution date;
- If you have followed the above conditions, we will not take any legal action against you regarding the report;
- We will handle your report confidentially and will not share your personal data with third parties without your consent, unless required by law. Reporting under a pseudonym is possible;
- We will keep you informed about the progress of resolving the issue;
- In any public communication about the reported issue, we will, if you wish, credit you as the discoverer.
We would like to thank you in advance for your cooperation!
