At NDIX, we consider the security of our systems very important. Despite our care for the security of our systems, a weak spot might still occur.
If you have found a vulnerability in one of our systems, we would like to hear about it so we can take the required security measures as quickly as possible. We would like to work with you to better protect our customers and our systems.
We ask you:
- Email your findings to firstname.lastname@example.org,
- Not to misuse the problem by, for example, downloading more data than necessary to demonstrate the leak or accessing, deleting or modifying third-party data,
- Not to share the problem with others until it is resolved and to delete all confidential data obtained through the leak immediately after the leak is closed,
- Not to use physical security attacks, social engineering, distributed denial of service, spam or third-party applications, and
- To provide sufficient information to reproduce the problem so that we can fix it as soon as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be required for more complex vulnerabilities.
What we promise:
- We will respond to your report within 5 working days with our assessment of the report and an expected date for a resolution,
- If you have complied with the above conditions, we will not take any legal action against you regarding the report,
- We will treat your report confidentially and will not share your personal information with third parties without your consent unless necessary to comply with legal obligations. Reporting under a pseudonym is possible,
- We will keep you informed of the progress in resolving the problem,
- In notifying you of the reported problem, we will, if you wish, include your name as the discoverer.
We aim to resolve all problems as soon as possible and we will be happy to be involved in any publication about the problem after it is resolved.