At Cyber Inc. We think the safety of our systems is very important. Despite our concern for the security of our systems, it can happen that there is a weak spot. If you have found a weak spot in one of our systems, we would like to hear from you so that we can take measures as quickly as possible. We would like to work with you to better protect our customers and our systems.
Weak spots can be discovered in two ways: you bump into something by accident with normal use of a digital environment, or you explicitly do your best to find a weak spot. Our responsible disclosure policy is not an invitation to actively scan our products and company network for weak spots.
With regard to our products, you are cordially invited to actively look for vulnerabilities in an offline and non-production environment and to report your findings to us. Out of accountability to our customers, we do not want to call for hacking attempts on their infrastructure. However, it also applies that we want to hear from you as soon as possible as soon as vulnerabilities are found, so that we can resolve them adequately.
We ask you: Email
- your findings to hello (∞)cyberinc.nl. Share your findings encrypted viafor example Tresorit to prevent the information from falling into the wrong hands,
- not to misuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or modify data from third parties,
- not to share the problem with others until it is resolved and erase all confidential data obtained through the leak immediately after the leak is closed,
- Not making use of physical security, social engineering, distributed denial or service attacks, spam or third-party applications, and
- Sufficient provide information to reproduce the problem so that we can resolve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more complex vulnerabilities may require more.
What we promise:
- We will respond to your report within 3 days with our assessment of the report and an expected date for a solution.
- If you have complied with the above conditions, we will not take legal action against you regarding the report,
- We will handle your report confidential and will not share your personal information with third parties without your permission unless it is necessary to fulfill a legal obligation. Reporting under a pseudonym is possible,
- We will keep you informed of the progress of solving the problem,
- In reporting on the reported problem we will, if you wish, state your name as the discoverer, and
- as thanks for your help we offer a reward for every report of a security problem that is still unknown to us. We determine the size of the reward on the basis of the severity of the leak and the quality of the report.
We strive to resolve all problems as quickly as possible and we are happy to be involved in any publication about the problem after it has occurred solved.