We ask you:
- Email your findings to security@intakt.com.
- Not exploiting the problem by, for example, downloading more data than necessary to demonstrate the leak or viewing, deleting or modifying third-party data,
- Not sharing the problem with others until it is fixed and deleting all confidential data obtained through the leak immediately after the leak is fixed,
- Not use physical security attacks, social engineering, distributed denial of service, spam or third-party applications, and
- Provide sufficient information to reproduce the problem so that we can fix it as soon as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be required for more complex vulnerabilities.
What we pledge:
- We will respond to your report within 3 days with our assessment of the report and an expected date for resolution,
- If you have complied with the above conditions, we will not take any legal action against you regarding the report,
- We will treat your report confidentially and will not share your personal information with third parties without your consent unless necessary to comply with a legal obligation. Reporting under a pseudonym is possible,
- We will keep you informed of the progress in resolving the problem,
- In notifying you of the reported problem, we will, if you wish, include your name as the discoverer, and
- As a thank you for your help, we will offer a reward for each report of a security problem still unknown to us. We will determine the size of the reward based on the severity of the leak and the quality of the report with a minimum of a €50 voucher.
We aim to resolve all problems as soon as possible and we are happy to be involved in any publication about the problem after it is resolved.
