Coordinated Vulnerability Disclosure (CVD)

Also known as: Responsible disclosure

Principles

We consider the security of our systems a top priority, but no matter how much effort we put into system security, vulnerabilities can still be present.

If you discover a vulnerability, we would like to know so that we can take measures to fix it as quickly as possible. We want to ask you to help us better protect our customers and our systems. NOTE:

  • It is prohibited to test our site/domain on vulnerabilities.

If you still have a finding, then please do the following:

  • E-mail your findings to security@ada-ict.nl. This e-mail address is managed by our incident manager and (chief) information security officer.
  • Do not exploit the vulnerability or problem you have discovered, for example by downloading more data than is necessary to demonstrate the vulnerability or by deleting or modifying data belonging to others;
  • Don’t tell others about the problem until it’s resolved;
  • Do not attack physical security, social engineering, distributed denial of service, spam or third-party applications; and
  • Please provide enough information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but complex vulnerabilities may require further explanation.

What we promise:

  • We will respond to your report within 5 business days with our evaluation of the report and an expected resolution date;
  • If you have complied with the above conditions, we will not take legal action against you regarding the report;
  • We treat your report as strictly confidential and do not pass on your personal data to third parties without your consent;
  • We will keep you updated on the progress of resolving the issue;
  • If you agree, we will include your name in our Hall of Fame (on this page).

We strive to resolve all issues as quickly as possible.

Note: this update Disclosure page is valid as from March 27, 2023. Until this date the old Disclosure is in place and findings will be processed as such.

Hall of fame

In random order:

Neem contact met ons op

Not readable? Change text. captcha txt

Start typing and press Enter to search