Responsible disclosure policy
Version 1.0, 23-07-2020
At Thalia, we take the security of our infrastructure and digital systems seriously. We develop, build and deploy all systems with security in mind. However, we can never be 100% secure and vulnerabilities will, unfortunately, present themselves. If you find a (potential) vulnerability or security issue, we would appreciate it if you inform us as soon as possible.
We ask you to
- send any and all reports about potential security issues to firstname.lastname@example.org (in either English or Dutch).
- notify us as soon as possible about any potential security issue.
- give detailed reports of your findings to help us identify the underlying problem.
- only exploit vulnerabilities to confirm their presence.
- not use social engineering, physical attacks, (distributed) denial of service or spam attacks against any of our systems.
- not share your report with anybody else until the problem has been fixed.
- involve us if you want to publish your report once it has been fixed.
- respect the privacy of our members.
We promise you to
- take your reports seriously.
- respond to your reports as soon as possible.
- solve the issue as soon as possible.
- respect your privacy and treat your reports confidentially.
- keep you up to date and work with you to solve the underlying problem.
- credit you in any internal and external announcements (with your permission).
- not take any legal action if you followed the above guidelines.
- reward you as Thalia sees fit.