Responsible Disclosure
We take the security of our systems seriously. Have you discovered a security flaw in an ICT system belonging to Delta10? Please notify us, so that we can take action as soon as possible.
What to do:
- Mail your discovery to [email protected] and use our PGP key to encrypt the information.
- Deal responsibly with the information in your possession. Do nothing beyond what is necessary to demonstrate the security flaw, for example by sending malware or by copying, changing or deleting data in the system concerned.
- Keep information about any flaws you have discovered confidential between yourself and Delta10 until we have resolved the issue.
- Delete all confidential data obtained via the security flaw as soon as possible, and in any case directly after the problem has been resolved.
- Do not try or use physical testing, (distributed) denial of service, social engineering or so-called ‘brute force’.
- Provide us with sufficient information to reproduce the vulnerability, so that we can resolve it as quickly as possible. In many cases, the IP address or the URL of the system concerning will be sufficient (POC scripts, screenshots and compressed screen captures can be helpful). Complex vulnerabilities may require more information.
What to expect:
- We will respond to your notification within three working days. Our response will contain an assessment of your notification and the date on which we expect to remedy the flaw.
- If you comply with the conditions described above, we commit to not take any legal action against you regarding your notification.
- We will treat your notification confidentially. We will not share your personal details with third parties without your permission unless required to do so by law or a court order.
- We will keep you informed informed of the progress made in remedying the security flaw you discovered.
- We will, if you wish, mention your name on our website as the one who discovered the security flaw.
- We try to solve any problem as quickly as possible. We appreciate to be involved in any publication concerning the problem after it has been resolved.