Responsible disclosure statement AmstelveenSport
At AmstelveenSport we consider the security of the information systems we use to be very important. Despite our concern for the security of our information systems, there may still be a vulnerability. If you have found a weak spot, we would like to hear this so that we can take measures as quickly as possible. We want to work with you to better protect our customers and our information systems.
We ask you:
- E-mail your findings to firstname.lastname@example.org;
- Not to abuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or modify data from third parties;
- Not to share the problem with others until it is resolved and to erase all confidential data obtained through the leak immediately after the leak has been closed;
- Not to use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties;
- Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient. More complex vulnerabilities may require more.
What we promise:
- We will respond to your report within 5 business days with our assessment of the report and an expected resolution date;
- If you have complied with the above terms and conditions, we will not take legal action against you regarding the report;
- We will treat your report confidentially and will not share your personal information with third parties without your permission unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible;
- We will keep you informed of the progress of resolving the problem;
In reporting on the reported problem, we will, if you wish, include your name as the discoverer;
- As a thank you for your help, we offer a reward for every report of a security issue unknown to us. We determine the size of the reward based on the severity of the leak and the quality of the report.
We strive to resolve all issues as quickly as possible and are happy to be involved in any publication about the issue once it has been resolved.