Purpose
We value security researchers who report vulnerabilities and want to collaborate to keep our systems safe. This policy explains how to safely report security issues to us.
Contact
What You Should Do
- Report vulnerabilities via the above email addresses.
- Provide enough information for us to reproduce the issue.
- Use the PGP key to securely transmit sensitive information.
- Avoid causing damage to our systems or data.
- Do not publicly disclose vulnerabilities before we have reviewed and fixed them.
What You Should NOT Do
- Do not delete, modify, or steal data.
- Do not exploit vulnerabilities on systems without explicit permission.
- Do not publicly disclose vulnerabilities until a mitigation or fix has been applied.
Acknowledgment and Recognition
We will:
- Respond promptly to reports.
- Investigate and apply mitigations where possible.
- Acknowledge security researchers if desired, unless confidentiality reasons prevent it.
Escalation
For serious vulnerabilities directly affecting our systems, we reserve the right to escalate reports to relevant authorities if necessary.
Policy Updates
This policy may be updated. Please check the canonical link regularly:
https://verkeersmeter.nl/.well-known/security.txt