Responsible Disclosure Policy
At MediaBuild.nl, we take the security of our systems and customer data very seriously. We appreciate the efforts of security researchers and the wider community in helping us maintain a safe and secure online environment. This Responsible Disclosure Policy outlines the guidelines for security researchers to report any discovered vulnerabilities or security issues to us in a responsible and ethical manner.
We request that all security researchers follow these guidelines when investigating and reporting any potential security vulnerabilities:
1. Scope of Coverage:
This policy applies to all web applications, systems, and associated services operated by MediaBuild.nl.
2. Reporting Process:
If you discover a vulnerability or security issue, we appreciate your cooperation in responsibly disclosing it to us. To report a vulnerability, please send an email to info@mediaBuild.nl. Please include the following information in your report:
- Detailed description of the vulnerability, including steps to reproduce, affected components, and potential impact.
- Any supporting technical details, such as proof-of-concept code or screenshots.
- Your contact information, including name and email address.
3. Guidelines:
To ensure your actions remain within the scope of responsible disclosure, please adhere to the following guidelines:
- Do not perform any destructive actions, such as modifying or deleting data.
- Do not disclose or exploit the vulnerability to anyone else.
- Do not attempt to gain unauthorized access to sensitive information.
- Do not conduct any social engineering or phishing attacks.
- Do not disrupt or degrade the performance of our services.
4. Legal Considerations:
We understand the importance of responsible disclosure and value the efforts of security researchers. If you comply with the guidelines mentioned above, we commit to the following:
- We will not pursue any legal action against you regarding your security research.
- We will handle your report and any related information with utmost confidentiality.
- We will aim to acknowledge receipt of your report within three business days and keep you informed of the progress towards resolution.
- We will consider giving appropriate credit and recognition to researchers who responsibly disclose vulnerabilities, upon request and with their consent.
5. Exclusions:
The following actions are strictly prohibited, and we request that you refrain from engaging in them:
- Any form of denial-of-service (DoS) attacks.
- Attempting to access, or actually accessing, another user's account or personal data.
- Exploiting vulnerabilities to gain unauthorized access to our production systems or any associated data.
- Violating any applicable laws or regulations.
6. Responsible Disclosure Principles:
We adhere to the following principles when responding to vulnerability reports:
- We will respond promptly to reports and provide a timeline for issue resolution.
- We will keep security researchers informed about the progress and the steps taken to address the reported vulnerability.
- We will acknowledge the researchers' contributions and offer appropriate recognition, upon request.
Please note that any actions taken against the guidelines mentioned above or any illegal activities will be handled in accordance with the applicable laws.
We appreciate the responsible disclosure of any vulnerabilities or security issues, as it helps us ensure the privacy and security of our systems and our users' data. Together, we can create a safer digital environment.
Last updated: March 2024.