Responsible Disclosure

At SecureMe2, the security of our systems is very important to us. Despite our concern for the security of our systems, it is possible that there is a weak spot. If you have found a weak spot in one of our systems, please let us know so that we can take measures as quickly as possible. We would like to work with you to better protect our customers and our systems.

Basic instructions and PGP key can be found here: https://www.secureme2.eu/.well-known/security.txt

We ask you:

Email your findings to [email protected]. Add ‘vulnerability’ to the subject to speed up the process.

Not to abuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or modify data from third parties,

Do not share the issue with others until it is resolved and erase all confidential data obtained through the vulnerability immediately after the vulnerability is closed,

Not to use attacks on physical security, social engineering, distributed denial of service, spam or third party applications, and

Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability will suffice, but more complex vulnerabilities may require more.

What we promise:

We will respond to your report within 3 days with our assessment of the report and an expected resolution date,

If you have complied with the above conditions, we will not take legal action against you regarding the report,

We will treat your report confidentially and will not share your personal information with third parties without your permission, unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible,

We will keep you informed of the progress of solving the problem,

In reporting the reported problem, we will list your name as the discoverer if you wish.

We aim to resolve all issues as quickly as possible and would be happy to be involved in any publication of the issue after it has been resolved.

This disclosure is published under CCN 3.0 and available via https://responsibledisclosure.nl/