Responsible Disclosure PolicyÂ
​At Underlined we consider the security of our systems very important. Despite our concern for the security of our systems, it is possible that there is a weak spot. If you have found a weak spot in one of our systems, we would like to hear about it. We can then take measures as quickly as possible. We would like to work with you to better protect our systems.
1. If you notice a possible weak spot in the systems of Underlined, we ask you to email your findings to security@underlined.nl by means of a detailed explanation of the weak spot.
2. Describe the issue found in as much detail as possible. Your report will be handled by specialists; you can use technical jargon where necessary or desired. We ask you not to abuse the weak spot by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or modify data from third parties.
3. You can choose to add your contact details (name, e-mail address and telephone number) or you can make the report anonymously.
4. A team of security experts will investigate your report and provide an initial response within 10 working days. In the meantime, don’t make the problem public, talk to our experts, and give them time to solve the problem. We will let you know what we think of your report, whether we will implement a solution and when we will do so.
When investigating the vulnerability you found, you may be committing criminal acts. If you have acted in good faith, carefully and in accordance with the rules set out below, Underlined has no reason to report. Therefore, please adhere to the following rules when conducting research. Rules when conducting research:
The hotline is not intended for:
|
Your privacy
To follow up on the report, you can choose to provide us with your contact details (name, e-mail, and telephone number). We will not disclose your identity to third parties without your consent or use your data for purposes other than to provide appropriate follow-up to your report, unless there is a legal obligation to do so, for example in the event of a claim by the judiciary. We handle your personal data according to the guidelines as described in our privacy statement.
Other conditionsÂ
With regard to internet security and privacy, Dutch legislation applies. We can only accept reports that have been drawn up in Dutch or English. This responsible disclosure regulation has been established based on the guidelines of the National Cyber Security Center.