At FD Mediagroep we attach great importance to the security of our systems. While we make every effort to ensure the security of our systems, there might still be a vulnerable point somewhere.
Please let us know if you have identified a vulnerable point in one of our systems, so that we can take appropriate steps as soon as possible. We are keen to cooperate with you, to better protect our customers and our systems.
What we ask from you:
- Email details of your findings to firstname.lastname@example.org.
- Neither to exacerbate the problem by downloading more data than is strictly necessary to demonstrate the vulnerability, for example, nor to view, delete or modify third-party data,
- Not to reveal the problem to others until it has been resolved, and to immediately erase any confidential data obtained via the vulnerability once the vulnerability has been remedied,
- Not to engage in attacks on physical security, nor to use social engineering, distributed denial of service, spam or third party applications, and
- Provide sufficient information to reproduce the problem, thereby enabling us to resolve it as soon as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability will suffice, but more complex vulnerabilities may require further details.
What we promise:
- We will respond to your notification within three business days by delivering our evaluation of the notification plus an expected resolution date,
- If you have complied with the above conditions, we will take no legal action against you regarding the notification,
- We will handle your notification with strict confidentiality. We will not share your personal details with third parties without your permission, unless we are under a legal obligation to do so. You can also use a pseudonym when submitting a notification,
- We will keep you updated on the progress of our efforts to resolve the problem,
- If you wish, we will also credit you for the discovery of the problem in any press releases issued, and
- As a token of our appreciation for your assistance, we are offering a reward for all notifications concerning security problems of which we were previously unaware. We will determine the size of the reward based on the seriousness of the vulnerability and the quality of the notification. The minimum reward will be a gift voucher to the value of €50.
We endeavour to resolve all problems as soon as possible. Furthermore, we would very much like to be involved in any publications concerning the problem, once it has been resolved.