Responsible Disclosure

Better safe than sorry!

Optimise is part of Touch Network B.V. We consider the security of our systems to be very important. Despite our concern for the security of our systems, there may still be a weak spot. If you have found a vulnerability in one of our systems, we would like to hear from you. This way we can take measures as quickly as possible. We would like to work with you to better protect our customers and our systems.

We ask you:

  • Email your findings to privacy@touchincentive.com;
  • Not exploit the vulnerability by, for example, downloading more data than necessary to demonstrate the vulnerability or by viewing, deleting or modifying third-party data;
  • Not to share the vulnerability with others until it is fixed, and immediately after plugging the leak, delete any confidential data that was obtained;
  • Not to use physical security attacks, social engineering, distributed denial of service, spam or third-party applications;
  • Provide sufficient information to reproduce the vulnerability so that we can resolve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be required for more complex vulnerabilities.

What we promise:

  • We will respond to your report within 5 days. We will indicate whether it is a vulnerability unknown to us or not;
  • If it is an unknown vulnerability, we are going to determine its risk and decide whether to implement the solution you suggested. If so, we'll keep you updated on the progress of resolving the issue;
  • As a thank you for your help, we offer a reward of €25 for every report of a vulnerability still unknown to us for which we decide to implement your proposed solution;
  • If you have complied with the above conditions, we will not take any legal action against you as a result of your report;
  • We will treat your report confidentially and will not share your personal data with third parties without your consent, unless it is necessary to fulfill a legal obligation. Reporting under a pseudonym is possible. In communications about the reported vulnerability we will, only if you wish, include your name as the discoverer.

Want to know more about how we ensure you and our safety? Then also read our privacyverklaring.
 

Copyright © 2024 Optimise by Touch Network