The security of our websites and software products is essential to us and our customers. In spite of our care, procedures and best efforts it is possible that there are vulnerabilities in our websites or software products. If you find any, please tell us as soon as possible so we can fix it.

Scope:

You may check the following domains (including subdomains) for vulnerabilities:

 

You may test the following WordPress plugins for vulnerabilities:

 

These plugins have paid premium versions, if you want to test these you will have to buy a license through the respective websites.

We ask you to:

Report your findings at: https://really-simple-ssl.com/submit-a-vulnerability/

The following is explicitly NOT allowed:

Doing any of these things without explicit prior written consent from use may result in a report to law enforcement and or legal action against you!

If you think you have found a vulnerability but feel you cannot produce proof of compromise without complying with the above restrictions, please contact us.

What you can expect from us:

What we do with vulnerabilities we find ourselves:

When we find vulnerabilities in software of websites we use we will inform the responsible parties according to their responsible/coordinated vulnerability disclosure policy.

Bounties

Only reports of real vulnerabilities with proof that you personally can exploit them are eligible for rewards. We may reward those vulnerabilities with proof of compromise with monetary compensation ranging from €25 to €1000, depending on the possible impact of the vulnerability. Eligibility and size of bounties are solely at our discretion.

Please DO NOT submit output from automated scanning tools without personally verifying the reported vulnerabilities.
Any time spent by us on invalid reports you make, will limit any bounties you may receive for real vulnerabilities in the future!

 


Reporting data breaches

Your privacy and the confidentiality of you and your data is very important to us. In spite of the care we take protecting your data it is possible for information to leak. This is how we would handle such an event:

What we consider a data breach

A situation where we know or can reasonably suspect that unauthorized access to personal or business information entrusted to us has occurred

How we respond to a data breaches

After finding out about the data breach, our highest priority is fixing the leak and preventing damage to those concerned. We will investigate the breach to determine how and what data was leaked, what the cause of the breach was and who had access to the leaked data. We will take actions to prevent this from happening again. When we find illegal acts have been a factor in the data breach we will report this to the police.

Who do we inform about a data breach

We will inform all persons and organisations affected by the data breach. We will inform the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) whenever Personally Identifiable Information is involved.

Apply now!

Leave your details below. Please make sure to add your CV, portfolio, and work experience. You can use wetransfer.com or add your portfolio website.

[gravityform id="5" title="false" description="false" ajax="true"]