We kindly ask you to:
- Send us your discovery as soon as possible to VULNERABILITY@X-TENTION.AT. In case you prefer to transmit the information in encrypted form, please contact us in advance at the mentioned e-mail address. We will then inform you about the next steps.
- Provide us with sufficient information to reproduce the problem and rectify it without undue delay. Usually the IP address or the URL of the affected system with a description of the vulnerability respectively attack should be sufficient. In case of more complex issues we may ask you for further information.
- Do not exploit any vulnerability for accessing, manipulating, or deleting data!
- In case you downloaded confidential information accidentally, delete it immediately!
- Do not disclose the vulnerability to any third party until it has been resolved!
Do not harm the physical security of our premises and systems. Refrain from carrying out any social engineering or (Distributed) Denial of Service attacks ((D)DoS attacks).
We assure you:
- We take all reports seriously. We will investigate any potential vulnerabilities and fix identified issues as soon as possible!
- We will reply to your report within 48 hours and keep you regularly informed about our progress on resolving the issue.
- Provided that you comply with the instructions above, no legal action will be taken against you.
- Your report is treated confidential and we will not share any personal information with third parties.
- We will inform affected stakeholders about the vulnerability without undue delay.
- If you explicitly request it, your name will be mentioned as discoverer of the vulnerability in public communication.
This Responsible Disclosure Policy is based on the RESPONSIBLE DISCLOSURE GUIDELINE OF THE NATIONAL CYBER SECURITY CENTRE, WRITTEN BY FLOOR TERRA.