The security of our websites and software products is essential to us and our customers. In spite of our care, procedures and best efforts it is possible that there are vulnerabilities in our websites or software products. If you find any, please tell us as soon as possible so we can fix it.


You may check the following domains (including subdomains) for vulnerabilities:

You may test the following WordPress plugins for vulnerabilities:

These plugins have paid premium versions, if you want to test these you will have to buy a license through the respective websites.

We ask you to:

E-mail your findings to: [email protected]

Give us enough information to be able to reproduce the problem so we can fix it a.s.a.p. Usually the URL or file that contains the vulnerability and a description of the vulnerability is enough but when the issue is complicated more info may be required. Give us your contact information so we can contact you when we have questions. Inform us of the vulnerability as soon as possible after you discover it. Do not share any information regarding the vulnerability with third parties until it is fixed. Be responsible by not taking any actions other than the minimum required to verify the vulnerability.

The following is explicitly NOT allowed:

Doing any of these things without explicit prior written consent from use may result in a report to law enforcement and or legal action against you!

If you think you have found a vulnerability but feel you cannot produce proof of compromise without complying with the above restrictions, please contact us.

What you can expect from us:


What we do with vulnerabilities we find ourselves:

When we find vulnerabilities in software of websites we use we will inform the responsible parties according to their responsible/coordinated vulnerability disclosure policy.


Only reports of real vulnerabilities with proof that you personally can exploit them are eligible for rewards. Please DO NOT submit output from automated scanning tools without personally verifying the reported vulnerabilities. Any time spent by us on invalid reports you make, will limit any bounties you may receive for real vulnerabilities in the future!

We may reward real world exploitable vulnerabilities with proof of compromise with monetary compensation ranging from €25 to €10,000, depending on the possible impact of the vulnerability. Eligibility and size of bounties are solely at our discretion.

Reports of old software versions or missing best practices without proof of exploitability will just earn you in our gratitude.

Reporting data breaches

Your privacy and the confidentiality of you and your data is very important to us. In spite of the care we take protecting your data it is possible for information to leak. This is how we would handle such an event:

What we consider a data breach

A situation where we know or can reasonably suspect that unauthorized access to personal or business information entrusted to us has occurred

How we respond to a data breaches

After finding out about the data breach, our highest priority is fixing the leak and preventing damage to those concerned. We will investigate the breach to determine how and what data was leaked, what the cause of the breach was and who had access to the leaked data. We will take actions to prevent this from happening again. When we find illegal acts have been a factor in the data breach we will report this to the police.

Who do we inform about a data breach

We will inform all persons and organisations affected by the data breach. We will inform the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) whenever Personally Identifiable Information is involved.

Apply now!

Leave your details below. Please make sure to add your CV, portfolio, and work experience. You can use or add your portfolio website.

"*" indicates required fields

Where can we find your CV e.a.? You can use for files if needed.
This field is for validation purposes and should be left unchanged.