Responsible Disclosure

Structureren

Archive
Archiveren

Structure
Delen

Share
Creëren

Create

At Qwoater B.V., we value the safety of our systems. Despite our care for the security of our systems, a weak spot is something that can happen. 

If you have found a weak spot in one of our systems, we would like to hear this so that we can take measures as soon as possible. We want to work with you to be able to protect our clients and systems even better. 

We want to ask you to only report findings you found on our Qwoater applications (direct.qwoater.nl, rapporten.qwoater.nl, reports.qwoater.com). The Qwoater websites (qwoater.nl) and, thereby, WordPress-related findings from systems linked to Qwoater fall outside this responsible disclosure’s scope.

We ask you:

    • To mail your findings to support@qwoater.nl
    • To not misuse the problem by, for example, downloading more data than needed to prove the leak or access, edit or delete data from third parties.
    • To not share the problem with others until it is resolved and to delete all of the confidential data that has been obtained through the leak after the leak has been fixed.
    • To not attack the physical security, social engineering, distributed denial of service, spam or applications of third parties.
    • To give sufficient information to reproduce the problem so we can fix it as soon as possible. In most cases, the IP address or the URL of the affected system and a description of the vulnerabilities are sufficient, but with more complex vulnerabilities, we possibly need more.

 

What we promise:

  • We will react within three days to your report, with our rating of the report and an expected date for a solution.
  • If you adhere to the above, we will not take legal action against you regarding the report.
  • We will treat your report confidentially and will not share your personal information with third parties without your consent unless it is necessary to fulfill a legal obligation. It is possible to report under a pseudonym.
  • We will keep you informed of the progress in solving the problem.
  • In the communication about the reported problem, we will, if you wish, mention your name as discoverer.
  • As a thank you for your help we offer a reward for every report from a for us still unknown security problem. The size and type of the reward we will determine based on the seriousness of the leak and the quality of the report.

We strive to solve all problems as soon as possible, and we like to be involved in possible publications about the issue after it is solved. 
Aanmelden
Nieuwsbrief