Security & Responsible Disclosure

It is important that our systems are secure. If you find a vulnerability in one of our systems we would like to hear about it. We will then take the necessary measures as soon as possible to fix the vulnerability found.

To deal responsibly with found vulnerabilities, we follow a number of guidelines. You may hold us to these when you find a vulnerability in one of our systems.

If you are familiar with PGP you can send an encrypted e-mail to security@voys.nl. If you wish, you can include your e-mail address and phone number, because we would like to thank you personally for your help. If you are not familiar with PGP please use our Responsible Disclosure form below.

You should keep the following in mind:

• Make a disclosure as soon as possible after a discovery of a vulnerability.
• Do not share the information about the security problem with third parties. We are very quick with patches.
• Try not to take your actions beyond what is necessary to demonstrate the security problem.

Thus, you are not allowed to:

• post malware.
• copy, modify or delete data.
• make modifications in or to our systems.
• repeatedly gain access to the system or share access with others.
• use so-called “bruteforcing” of access to systems.
• use denial-of-service or social engineering.

What you can expect of us:

• Taking the above into account, we will not attach any legal consequences to this report.
• We will treat your data confidentially.
• We will mention your name -if you wish- on our security wall of fame.
• After making a report, we will let you know how we are processing it and when you can expect a solution.
• Let you know when the report has been processed.
• That we resolve the report as quickly as possible, taking into account the impact of the report made.
• We thank you – in an appropriate way – for your help. We do not have a bounty program

Thank you for your help in keeping our systems secure.