Responsible Disclosure

We do our best to keep our systems secure. Nevertheless, vulnerabilities can occur. Reports that help us improve security are highly appreciated. Reports must be made without damage and without misuse of systems.

Meldingen moeten plaatsvinden zonder schade en zonder misbruik van systemen.

 

We ask researchers to do the following:

2.1 Reporting point

Submit your report via the official channel: info@loqit.nl

(If desired, a PGP key can also be provided for encrypted communication.)

2.2 Content of the report

Provide sufficient information so that we can reproduce the problem:

description of the vulnerability

IP address, URL, or endpoint where the problem was found

steps to replicate the problem

tools used (if relevant)

the impact of the vulnerability

contact details for follow-up (may be anonymous)

2.3 What you must not do

To prevent damage, we explicitly request researchers to:

not modify, delete, or download data

(only minimal data necessary to demonstrate the vulnerability)

not use social engineering

not carry out DDoS, brute-force, or spam attacks

not attempt to gain access to other accounts or systems

not attack physical security

not manipulate or copy production data

not apply automation that can cause disruptions

When you adhere to these conditions, LoQit views you as an ethical researcher and not as an attacker.

3.1 We respond promptly

You will receive confirmation of your report within 3 working days.

We will provide an assessment of the severity and an expected resolution time.

3.2 No legal action

If you adhere to the rules of this policy, we will not file a police report or take legal action.

3.3 Confidential treatment

Your report will be treated confidentially.

Personal data will not be shared without your consent.

3.4 Feedback

You will be kept informed of the progress until the vulnerability is resolved.