Coordinated Vulnerability Disclosure
(Responsible Disclosure)
Our commitment to a more secure internet
AltStack strives to keep up to date on current privacy and security best practices. Nevertheless, it may happen that there is a weakness in one of our systems or websites. If you should discover such a vulnerability, we would very much appreciate your reporting it to us by sending an email to: noc@altstack.eu. You are encouraged to use our GPG key to encrypt sensitive data.
By reporting the vulnerability before you make it known to the outside world, you enable AltStack to take measures first. This is called Coordinated Vulnerability Disclosure (formerly Responsible Disclosure).
How to report a vulnerability
If you report a vulnerability in an ICT system, please consider the following:
- Include sufficient information in your report to reproduce the issue, which helps AltStack to resolve the issue quickly. It is usually sufficient to state the IP address or URL of the system affected and a description of the vulnerability. Further details may be required for more complex vulnerabilities.
- Provide your contact details (email address or telephone number) so AltStack can contact you.
- Submit your report as quickly as possible after discovering the vulnerability.
- Do not share information about the security issue with others until it has been resolved.
- Handle knowledge about the security issue responsibly by not taking any action other than what is necessary to demonstrate the security issue.
Do not take advantage of a vulnerability in an ICT system
If you discover a vulnerability, do not abuse it, for example by:
- installing malware;
- copying, changing or deleting data in a system (an alternative is creating a directory listing of a system);
- making changes to the system;
- repeatedly gaining access to the system or sharing access with others;
- using brute-force attacks to gain access to a system;
- using Denial of Service or social engineering.
How does AltStack handle your report?
AltStack handles your report as follows:
- AltStack will respond to your report within three working days. The response will include an assessment of the issue and a date by which the issue is expected to be resolved.
- AltStack will keep you, the reporting party, informed about progress in resolving the issue.
- AltStack will try to resolve the security issue as soon as possible, but at the very latest within 60 days. Together with you, AltStack will decide whether and when to release details, if any, of the issue you reported. Such details are only published once the issue has been resolved.
AltStack will handle your report confidentially and will not share personal details with third parties without your consent, unless obliged to do so pursuant to a statutory provision or court ruling. If you wish, AltStack will mention your name as the person who discovered the reported vulnerability.