Responsible Disclosure Accon avm
At accon■avm, we regard the security of our systems as crucial. Despite all that we do to maximise the security of these systems, they may actually have weak spots.
If you have discovered a weak spot in one of our systems, please let us know so that we can sort out the problem as quickly as possible. We would like to team up with you to provide better security for our clients and systems.
We kindly ask you:
- To send a brief email to firstname.lastname@example.org indicating that you have information you wish to share with us. You will then receive instructions for sending us your findings over a secure connection.
- Not to exacerbate the problem, for example by downloading more data than necessary to demonstrate the data breach or to view, erase or change data of third parties.
- Not to disclose the issue to third parties until it has been resolved and to erase all confidential data obtained as a result of the data breach immediately after it is rectified.
- Not to resort to attacks on physical security, social engineering or distributed denial of service or use spam or third-party applications.
- To provide sufficient information to enable us to reproduce the issue and resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more may be required in case of more complex vulnerabilities.
What we promise:
- We will respond to your report within three days, providing our assessment of the report and the date on which we expect to resolve the issue.
- If you have complied with the above conditions, we will not take any legal action against you with regard to the report.
- We will treat your report confidentially and will not share your personal data with third parties without your consent, unless this is required in order to discharge a statutory obligation. We may report the issue under a pseudonym.
- We will keep you informed of the progress we make in resolving the issue.
- If you wish, we will mention your name in any communications about the issue as the person who discovered it.
- To thank for your help, we offer a reward for each report of a security problem of which we are still unaware. The level of the reward is determined by the seriousness of the breach and the quality of the report, the minimum being a voucher worth €50.
We will try to resolve any issues as quickly as possible and would like to be involved in any publication about the issue after it has been resolved.