The safety of our IT systems is important to us. Despite our efforts, our systems may contain a vulnerability. Have you discovered a security flaw in one or more of our systems? Please notify us before informing the outside world.
How to report a vulnerability
If you have discovered a vulnerability in an IT system, please proceed as follows:
- Mail your findings to email@example.com
- Provide enough information so we can remedy the floor as soon as possible. The computer’s IP address or IT system’s URL and a description of the security flaw is usually sufficient. But in case of more complex vulnerabilities, more details may be required.
- Leave your contact details so that we can contact you later to jointly arrive at a safe result. At least provide an email address or telephone number.
- Report the flaw as soon as possible after discovering it.
- Do not share any information about the security flaw with others until it has been remedied.
- Deal responsibly with the information in your possession about the security flaw by not taking any other action than is necessary to demonstrate this.
Do not abuse the IT system’s vulnerability
If you discover a vulnerability, do not:
- Place malware.
- Copy, change, or delete data in an IT system (as an alternative, you can create a directory listing of the system).
- Change the system.
- Repeatedly visit the system or share access with others.
- Use ‘brute force’ to open the system.
- Attempt denial of service or social engineering.
The information security policy is available, you can mail a request to firstname.lastname@example.org.