Reporting a security breach
We do all we can to keep our systems secure. But it's always possible that you'll spot a weakness we've missed. If you do, please let us know, so that we can do something about it quickly. Reporting problems you come across is known as responsible disclosure.
How to report a problem?
Please mail details to firstname.lastname@example.org. You can also use our file transfer for this: https://fileshare.sidn.nl/. If you need help with that, call us on +31 26 352 5555.
Include as much information as possible, because that will help us reproduce the problem and put it right. We'd ideally like to have a description of what you discovered, complete with IP addresses, logs, screenshots and so on.
Please include your contact details (phone number or e-mail address), so that we can get in touch if we need to know more.
Other important points
Don't tell anyone what you found.
Destroy any data you've stumbled on.
Don't go deeper into our systems than you need to in order to show that there's a problem.
Don't abuse a vulnerability you've discovered. If you do, we'll inform the police.
What we'll do
We'll e-mail you within one working day, confirming receipt of your report.
Within five working days, we'll respond to the substance of your report and tell you when the issue will be resolved. Weaknesses are fixed as soon as possible and certainly within three months.
We'll keep you updated about progress with fixing the issue.
With your help, we'll decide whether information about the issue should be published. We'll name you as the person who discovered the problem only if you want us to.