Responsible Disclosure

It is essential that the security of our systems is guaranteed. If a vulnerability is discovered somewhere within our systems, we strongly encourage you to share it with us. We will immediately take appropriate measures to address the vulnerability found.

To deal responsibly with such vulnerabilities, we follow strict guidelines that we adhere to as soon as a vulnerability is found in our systems. We expect these guidelines to be respected when reporting a vulnerability.

If you are familiar with PGP, you can send an encrypted email to security@nexer.nl

Providing your email address and phone number is appreciated so that we can thank you personally for your assistance. If you are not familiar with PGP, you can use our Responsible Disclosure form provided below.

We kindly ask you to keep the following guidelines in mind:

• Report the vulnerability as soon as possible after discovery.
• Do not share information about the vulnerability with third parties. We respond quickly with the necessary patches.
• Limit your actions to a minimum to demonstrate the security issue.

It is not allowed to:

• Malware.
• Make copies of, change or delete data.
• Make adjustments to or to our systems.
• Repeatedly gain access to the system or share access with others.
• Using brute force to gain access to systems.
• Use denial-of-service or social engineering.

You can expect us to:

• We do not attach any legal consequences to the report, as long as the guidelines are complied with.
• We treat your data confidentially.
• If desired, we will mention your name on our security wall of fame.
• We respond quickly to your report and indicate when you can expect a solution.
• We will keep you informed of the processing of the report.
• We will resolve the report as quickly as possible, taking into account the impact of the reported vulnerability.
• We thank you appropriately for your help.
  We thank you for helping to keep our systems safe.