Responsible disclosure

If you nevertheless believe that you have found a security vulnerability, we cordially invite you to share it with us as quickly and in detail as possible. You can email your findings to responsible-disclosure@invitado.nl. Please describe the problem in your message as extensively as possible and where possible provide IP addresses, logs, screenshots and instructions on how our developers can reproduce the alleged vulnerability.

We request:

• Not to abuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or modify data from third parties.
• Not to share the problem with others until it is resolved and delete all confidential data obtained through the leak immediately after the leak has been closed.
• Not to use attacks on physical security, social engineering, distributed denial of service, spam or third party applications.
• Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more complex vulnerabilities may require more (as stated above).

We guarantee:

• That we respond substantively to your report within 3 days with our assessment of the report and an expected date for a solution.
• That if you have complied with the above conditions, we will not take legal action against you regarding your report.
• That we treat your report confidentially and that we do not share your personal information with third parties without your permission, unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible.
• That we will keep you informed about the progress we make in fixing the problem.

If you prefer to submit your findings to us anonymously or encrypted, call us on +31 (0) 88 99 87 444 and ask for Lodewijk or Michiel.