At R&R, we believe that the security of our systems is very important. If you have found a weak spot in one of our systems, please let us know so that we can take action as soon as possible. We would like to work with you to better protect our customers and our systems.
We ask you:
- Email your findings to security@rr-wfm.com.
- Do not abuse the problem by, for example, downloading more data than necessary to prove the leak or by accessing, deleting or modifying data of third parties.
- Do not share the problem with others until it is resolved and delete all confidential data obtained through the leak immediately after it is resolved.
- Provide sufficient information to reproduce the problem so that we can fix it as soon as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but for more complex vulnerabilities, more may be required.
- Refrain from:
  - Placing malware.
  - Copying, modifying or deleting data in a system.
  - Repeatedly gaining access to the system or sharing access with third parties.
  - Using brute-forcing to access systems.
  - Using denial-of-service or social engineering.
What we promise:
- We will respond to your report within three days with our assessment of the report and an expected date for resolution.
- If you have complied with the above conditions, we will not take any legal action against you regarding the report.
- We will treat your report as confidential and will not share your personal data with third parties without your consent, unless this is necessary to fulfil a legal obligation.
- Reporting under a pseudonym is possible.
- We will keep you informed of the progress in solving the problem.
- In communications about the reported problem, we will, if you wish, mention your name as the discoverer.
We strive to solve all problems as quickly as possible and we are happy to be involved in any publication about the problem after it is solved.
Source text responsible disclosure
This text was written by Floor Terra and is published under a Creative Commons Attribution 3.0 licence: https://creativecommons.org/licenses/by/3.0/nl/.
The original text has been adapted to the situation and applicability for R&R.