At Networking4all, security and privacy are our main objectives. But no matter the effort we may put into securing our systems, there might still be vulnerabilities present. If you discover a vulnerability in our systems, we would like to know about it so we can take action and address the problem. We would like to ask you to help us in protecting our clients and our systems.
If you come across a vulnerability, please do the following:
- Send your findings to firstname.lastname@example.org. Encrypt your findings with our PGP key to prevent the information from falling into the wrong hands.
- Report the problem as quickly as possible, to minimise the risk of unauthorised use of the vulnerability, or hostile actors taking advantage of it.
- Report the problem in a clear and concise way, and in such a way that the information you submitted is secure and cannot be intercepted by third parties.
- Delete any data that was required through the vulnerability as soon as the problem is resolved, unless requested otherwise by Networking4all.
- Provide sufficient information to reproduce the problem, such as a specific URL where the problem occurred or the steps that were taken up until the moment the problem arose, so Networking4all can resolve the problem as quickly as possible.
- Do not abuse the problem by downloading more data than is necessary to detect the leak or to check, remove or modify third-party data.
- Do not reveal the vulnerability to others until the vulnerability has been solved.
- Do not make changes to the system or utilise the vulnerability further than necessary to establish its existence.
- Do not copy, modify, or delete data on the system, or make a directory listing of the system.
- Do not make use of attacks on physical security, social engineering, distributed denial of service, third-party spam or applications.
What we promise:
- If you have met the above terms, we will not take legal action regarding the notification.
- We treat your report confidentially and will not share your personal information with third parties without your consent unless necessary to comply with a legal obligation. Reporting under a pseudonym is possible.
- We will keep you informed of the progress towards resolving the problem.
- Upon public notification of the problem, you will be mentioned by name as the discoverer of the vulnerability, unless you desire otherwise.