Lees in het Nederlands

Responsible Disclosure at Speakup

Speakup stands for privacy and security and does everything possible to make its systems as secure as possible. However, it may happen that you find a vulnerability in one of our systems. If you find such a vulnerability, we would like to hear about it as soon as possible. We can then take immediate measures to optimally protect our customers and systems.

Email your findings to cert@speakup.nl. If possible, please use our PGP key to protect the content of the email. Provide sufficient information with your email, such as IP addresses or URLs of the affected systems. If applicable, we would also like to see proof-of-concept code.

Contact details

Speakup BV
Pantheon 25
7521 PR Enschede
The Netherlands
Phone +31 88 77 32 587
Email info@speakup.nl
Website www.speakup.nl

Conditions

We ask you to adhere to the following conditions:

  • Do not abuse the discovered vulnerability, for example by: placing malware, sharing access with others, downloading more data than necessary to demonstrate the leak, or viewing, deleting, or modifying third-party data.
  • Do not share the problem with others until it has been resolved.
  • Delete all confidential data obtained via the leak immediately after the problem has been resolved.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications.
  • Provide us with sufficient information to reproduce the problem so that we can solve it as soon as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more complex vulnerabilities may require more (such as proof-of-concept code).

Compensation

In return, we promise that we will:

  • Respond to your report within 7 days with our assessment of the report and an expected resolution time;
  • Not take legal action against you, provided you have complied with the above conditions;
  • Handle your report confidentially and not share personal data with third parties without permission unless necessary to comply with a legal obligation;
  • Keep you informed of the progress of solving your report;
  • Mention your name in reporting about the problem if desired;
  • Offer a reward as thanks for your help for every report of a security problem unknown to us. We determine the size of the reward based on the severity of the leak and the quality of the report;

We strive to solve all problems as soon as possible. If you would like to publish about the problem after it has been resolved, we would like to be involved.