RESPONSIBLE DISCLOSURE

    At Ctac, we consider the security of our systems to be of utmost importance. Despite our efforts to secure our systems, there may be instances where a vulnerability exists.

    If you have discovered a vulnerability in any of our systems, we would appreciate it if you could inform us so that we can take measures as quickly as possible. We would like to collaborate with you to better protect our customers and our systems.

We kindly ask you to:

- Email your findings to security@ctac.nl. Encrypt your findings to prevent the information from falling into the wrong hands.

- Avoid exploiting the issue by, for example, downloading more data than necessary to demonstrate the vulnerability or accessing, deleting, or modifying third-party data.

- Refrain from sharing the issue with others until it is resolved, and promptly delete any confidential data obtained through the vulnerability after it has been patched.

- Avoid using attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications. 

- Provide sufficient information to reproduce the issue so that we can resolve it as quickly as possible. Typically, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more may be required for complex vulnerabilities.

What we promise:

  • We will assess each report.
  • If you have adhered to the above conditions, we will not take legal action against you regarding the report.
  • We will treat your report confidentially and will not share your personal data with third parties without your consent unless necessary to comply with a legal obligation.
  • As a token of appreciation for your assistance, we may decide to provide a reward for critical reports of a security issue unknown to us. Whether or not a reward is granted will be determined based on the severity of the vulnerability and the quality of the report.

We strive to resolve all issues as quickly as possible. We appreciate and thank you for your cooperation in helping us better protect our systems and those of our customers.