Cybersprint’s goal is to make the internet a safer place. We help companies and governmental organisations to get insight into the vulnerabilities of their visible and hidden online assets, in order to manage their online risks. We also strive towards a high level of security for our own systems and online assets. It can however occur that Cybersprint’s systems and online assets contain weak spots.
If you have found a potential security vulnerability in one of Cybersprint’s systems or domains, we encourage you to participate in our responsible disclosure process as described below. We would like to co-operate with you in order to take the necessary measures to rectify the vulnerability.
If you find a potential security vulnerability, we kindly request you to:
Report the vulnerability to us as quickly as possible after its discovery.
E-mail your findings tosoc [at] cybersprint.nl, including a clear description of steps to reproduce the vulnerability.
Provide full details of the security issue, including the IP address or the URL of the affected system or domain.
Leave your contact details so we can contact you to co-operate towards a safe result.
Wait until we notify you that the vulnerability has been resolved, before you disclose it to others.
Refrain from security research that involves potential or actual damage to Cybersprint users, systems or applications.
Handle the knowledge on the security problem with care by not performing any acts other than those nesessary to reveal the security problem.
What you can expect:
We will handle all reports confidentially and will not share personal details with third parties without permission from the reporter, unless this is mandatory by virtue of a judicial decision.
We will respond within three working days to a report with an assessment of the report and an expected date for a solution.
We will solve the observed security issue as quickly as possible. We will determine in mutual consultation whether and in what way the issue will be published, after it has been resolved.
If you are the first to report the vulnerability and it concerns a serious problem that is unknow to us, we will offer a reward as thanks for your help.
This is not an invitation to actively start scanning or hack us. If you happen to find something (by accident) we would like to know as soon as possible on soc [at] cybersprint.nl