Responsible Disclosure

We consider the security of our systems top priority. Despite our concern for the security of our systems, vulnerabilities may still be present. If you find a vulnerability in one of our systems, we would like to know about it. This way we can take measures as quickly as possible. We are happy to work with you to enhance the protection of our systems.

Please do the following

• E-mail your findings to securityofficer@scholt.com.
• Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability will suffice, but more complex vulnerabilities may require more information.
• Do not take advantage of the vulnerability, for example by downloading more data than is necessary to demonstrate the vulnerability or deleting or modifying other people’s data.
• Do not reveal the vulnerability to others until it has been resolved. We also ask you to delete all confidential data obtained immediately after we resolve the vulnerability.
• Do not use attacks on physical security, social engineering, distributed denial of service, deployment of malware, spam or third party applications.

What we promise

• We respond to your report within 5 days with our evaluation and an expected resolution date.
• We handle your report with strict confidentiality and do not share your personal information with third parties without your permission, unless we are legally obliged to.
• We aim to resolve the problem as quickly as possible and while resolving the problem, we will keep you informed of the progress. In the public information concerning the problem reported, we will give your name as the discoverer (unless you desire otherwise).
• If you have followed the instructions above, we will not take any legal action against you in regard to the report.