At RiskStudio, we consider the security of our systems to be of paramount importance. Despite our commitment to securing our systems, a vulnerability may still occur.
If you have discovered a vulnerability in one of our systems, we would appreciate it if you could inform us so that we can take appropriate measures as quickly as possible. We wish to collaborate with you to better protect our customers and our systems.
We ask that you:
- Email your findings to info@riskstudio.com. If the matter involves sensitive data, please notify us first so that we can establish a secure communication channel with you.
- Do not exploit the issue, for example, by downloading more data than is necessary to demonstrate the leak, or by accessing, deleting, or modifying third-party data.
- Do not share the issue with others until it has been resolved, and delete all confidential data obtained through the leak immediately after the vulnerability has been patched.
- Do not utilize physical security attacks, social engineering, distributed denial of service, spam, or third-party applications.
- Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability are sufficient, though more information may be required for complex vulnerabilities.
Our commitment:
- We will respond to your report within 7 days with our assessment of the notification and an expected resolution date.
- If you have complied with the aforementioned conditions, we will not take legal action against you regarding the report.
- We will handle your report confidentially and will not share your personal data with third parties without your consent, unless necessary to comply with a legal obligation. Reporting under a pseudonym is permitted.
- We will keep you informed of the progress in resolving the issue.
- In any public communication regarding the reported issue, we will, if you so desire, credit you as the discoverer.
- As a token of our appreciation for your assistance, we offer a reward for every report of a previously unknown security issue. The size of the reward depends on the severity of the leak and the quality of the report, with a minimum of a €50 voucher.
We strive to resolve all issues as quickly as possible and would like to be involved in any potential publication regarding the issue after it has been resolved.
This text was written by Floor Terra and is published under a Creative Commons Attribution 4.0 International license.