Responsible disclosure

At De Breed & Partners, we consider the security of our systems to be extremely important. Despite our diligence concerning the security of our systems, it is nevertheless possible that there is a weak spot.

If you have found a weak spot in one of our systems, please let us know so that we can take measures as soon as possible. We would like to work with you to better protect our customers and our systems.

We kindly ask you:

  • To email your findings to Encrypt your findings with our PGP key to prevent the information from falling into the wrong hands,
  • Not to abuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or viewing, deleting or modifying the data of third parties,
  • Not to share the problem with others until it is resolved and to erase all confidential data obtained via the leak immediately after the leak is closed,
  • Not to use attacks on physical security, social engineering, distributed denial of service, spam or third-party applications, and
  • To provide sufficient information to reproduce the problem so that we can resolve it as soon as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more complex vulnerabilities may require more information.

What we promise:

  • We will respond to your report within 3 days with our assessment of the report and an expected resolution date,
  • If you have complied with the conditions above, we will not take any legal action against you regarding the report,
  • We will treat your report as confidential and will not share your personal information with third parties without your permission, unless this is necessary for compliance with a legal obligation. Reporting under a pseudonym is possible,
  • We will keep you informed of the progress of the resolution of the problem,
  • In communications about the reported problems, we will, if you so desire, state your name as the discoverer, and
  • As a token of gratitude for your help, we will offer a reward for any report of a security vulnerability that was unknown to us. We will determine the size of the reward based on the severity of the leak and the quality of the report, with a minimum of a voucher of €20.00.

We will strive to resolve all problems as quickly as possible and we are happy to be involved in any publication of the problem after it has been resolved.