Responsible Disclosure
Northwave's
Responsible Disclosure
At Northwave, we believe that the security of our systems is very important. Despite our care for the security of our systems, there could be a weak spot. If you have found a weak spot in one of our systems, we would like to hear from you so that we can take measures as quickly as possible. We would like to work with you to better protect our customers and our systems.
We ask you to:
- E-mail your findings to responsibledisclosure@northwave.nl. Is it sensitive information? Please contact us through e-mail first so we can inform you on how to share your findings with us in a secure way.
- Not make the problem worse by, for example, downloading more data than necessary to show the leak or viewing, deleting or modifying third-party data.
- Not share the problem with others until it is resolved and erase all confidential data obtained through the leak immediately after it is resolved.
- Not use attacks on physical safety, social engineering, distributed denial of service, spam or third-party applications, etc.
- Provide sufficient information to reproduce the problem to enable us to resolve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more complex vulnerabilities can require more.
We promise you that:
- We will respond to your report within 7 days with our assessment of the report and an expected date of resolution.
- If you have complied with the above-mentioned conditions, we will not take legal action against you about the report.
- We will treat your report confidentially and will not share your personal information with third parties without your authorisation unless necessary to comply with a legal requirement. Reporting under a pseudonym is of course possible.
- We will keep you informed of the progress of the problem-solving.
- We will indicate your name as the discoverer in any reports about the reported problem – if you so wish. As thanks for your help, we offer a reward for every report of a security issue that were unaware of. We reward depending on the severity of the leak and the quality of the report with at least a bottle of Club Mate and a crate of Club Mate at the most.
- We strive to resolve all issues as quickly as possible and are happy to be involved in any publication about the issue after it has been resolved.
- If needed, a secure communications channel can be set up on request to exchange sensitive information.
Deze tekst is gebaseerd op een voorbeeld van Floor Terra (http://