Responsible Disclosure (CVD)
At LTP, we consider the security of our systems to be extremely important. Despite the care we take to secure our systems, vulnerabilities may still exist. If you discover a weakness in one of our systems, we would appreciate it if you inform us so that we can take appropriate measures as quickly as possible. We value working together with you to better protect our clients, participants, and systems.
We ask you to:
- Send an email to magikindehalloffame@ltp.nl. We will respond within 7 days with instructions on how to securely share your findings with us.
- Not exploit the vulnerability, for example by downloading more data than necessary to demonstrate the issue, or by accessing, deleting, or modifying third-party data.
- Not share the vulnerability with others until it has been resolved, and to delete any confidential data obtained through the vulnerability immediately after it has been fixed.
- Refrain from using attacks on physical security, social engineering, distributed denial of service (DDoS), spam, or third-party applications.
- Provide sufficient information to reproduce the issue so that we can resolve it as quickly as possible. In most cases, the IP address or URL of the affected system and a description of the vulnerability will suffice, but more complex issues may require additional details.
- Share any tips that may help us resolve the issue. These are very welcome.
What you can expect from us:
- We will respond to your report within 7 days with our initial assessment and, if possible, an expected timeline for a solution.
- If you have complied with the above conditions, we will not take legal action against you in relation to your report.
- We will treat your report confidentially and will not share your personal details with third parties without your consent, unless required by law. Reporting under a pseudonym is possible.
- We will keep you informed about the progress of resolving the issue.
- In any public communication about the reported issue, we will acknowledge you as the discoverer, if you wish.
- As a token of our appreciation, we offer a place in our Hall of Fame for every report of a previously unknown security issue.
We aim to resolve all issues as quickly as possible and appreciate being involved in any publication about the vulnerability after it has been resolved.
This Responsible Disclosure policy is based on the text by Floor Terra, published under a Creative Commons Attribution 3.0 license.
