Responsible Disclosure Policy
At D Soft, the safety of our systems is very important to us. Despite our care for the security of our systems, it can happen that there is a weak spot. If you have found a weak spot in one of our systems, please let us know so that we can act as soon as possible. We would like to work with you to better protect our customers and our systems.
We Ask You:
- To mail your findings to email@example.com. Encrypt your findings with our PGP key to prevent the information from falling into the wrong hands,
- Not to abuse the problem by, for example, downloading more data than is necessary to prove the leak or to access, delete or modify data from third parties,
- Not to share the problem with others until it has been resolved and to delete all confidential data obtained through the leak immediately after the leak has been plugged,
- Not to use attacks on physical security, social engineering, distributed denial of service, spam or third-party applications, and
- To provide sufficient information to reproduce the problem so that we can solve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be needed for more complex vulnerabilities.
What We Promise Yo:
- We will respond to your report within 3 days with our review of the report and an expected date for resolution,
- If you have complied with the terms and conditions above, we will not take any legal action against you regarding the report,
- We will treat your report confidentially and will not share your personal data with third parties without your consent, unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible.
- We will keep you informed about the progress of solving the problem,
- In reporting the reported problem, we will, if you wish, mention your name as the discoverer, and
- As a thank you for you help, we offer a reward for every report of a security problem that is not yet known to us. We determine the size of the reward based on the severity of the leak and the quality of the report with a minimum of a voucher of €50.
We aim to solve all problems as soon as possible in any publication about the problem after it has been solved.
D Soft nv