Responsible Disclosure

At SecureMe2 we believe the safety of our systems is very important. Despite our concern for the security of our systems, it can happen that there is a weak spot. If you have found a weak spot in one of our systems, we would like to hear from you so that we can take measures as quickly as possible. We would like to work with you to better protect our customers and our systems.

Basic instructions and PGP-key can be found at https://www.secureme2.eu/.well-known/security.txt

We ask you:

  • E-mail your findings to [email protected] E-mail your findings to [email protected] Add ‘vulnerability’ to the subject line to speed up the process.
  • Not to misuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or modify data from third parties,
  • Do not share the problem with others until it has been resolved and erase all confidential data obtained through the leak immediately after the leak is closed,
  • Not to use attacks on physical security, social engineering, distributed denial of service, spam or third-party applications, and
  • Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more complex vulnerabilities may require more.

What we promise:

  • We respond to your report within 3 days with our assessment of the report and an expected date for a solution,
  • If you have complied with the above conditions, we will not take legal action against you regarding the report,
  • We will treat your report confidentially and will not share your personal information with third parties without your permission unless it is necessary to fulfill a legal obligation. Reporting under a pseudonym is possible,
  • We will keep you informed of the progress of solving the problem,
  • In reporting on the reported problem we will, if you wish, state your name as the discoverer.

We strive to resolve all issues as quickly as possible and are happy to be involved in any publication about the issue after it has been resolved.

This disclosure is published under CCN 3.0 and available via https://responsibledisclosure.nl/

Nationaal Cybersecuritybeeld 2020:

"Snelle detectie kan gevolgen beperken, maar over het algemeen duurt het lang. Het vroegtijdig detecteren van aanvallen is een basismaatregel. Des te eerder, des te beter. Dat blijft echter voor veel organisaties een complexe opgave."

"Volgens een onderzoek was in 2019 de gemiddelde detectietijd van een aanval 56 dagen. Deze gemiddelde detectietijd is niet in verhouding met de snelheid waarmee een aanvaller zijn doel kan bereiken. Die heeft slechts enkele uren nodig. In het jaarbeeld staat dat actoren snel misbruik maken van gepubliceerde kwetsbaarheden. Ook wanneer de aanvaller op minder snel succes uit is, bijvoorbeeld voor spionage, kan snelle detectie de schade beperken."

Verhoog uw weerbaarheid direct! 

SAM Cyber Alarm

This website uses two types of cookies: for the correct design and use of anonymized visitor statistics via Google Analytics. More information can be found in our Privacy Policy.