Responsible Disclosure
At Aster, the security of our IT systems is of utmost importance and we strive for the highest levels of security. Despite our efforts to safeguard our IT systems, vulnerabilities may still occur. This document outlines how we handle such situations.
If you find a vulnerability or security breach in any of our systems, we would appreciate it if you could inform us so that we can take action as quickly as possible. Please note: our responsible disclosure policy is not an invitation to actively scan our network extensively for vulnerabilities. We would like to collaborate with you to better protect our systems and resolve any issues as swiftly as possible. Therefore, we kindly request that you share any relevant information with us.
Therefore, we kindly ask you to:
- Email your findings only to informatiebeveiliging@asterict.nl
- Refrain from exploiting the vulnerability by, for example, downloading more data than necessary to demonstrate the issue, or by accessing, deleting or modifying third-party data.
- Avoid deleting or modifying data or components of our software system
- Not share your findings with others until the issue has been resolved.
- Delete any confidential data you obtained through the vulnerability immediately after the issue has been resolved.
- Avoid physical security attacks, social engineering, distributed denial of service (DDoS), spam, or using third-party applications.
- Provide sufficient information (such as a detailed description including IP addresses, logs, steps to reproduce the issue, screenshots, etc.) to help us reproduce the problem, enabling us to address it as quickly as possible.
Our promises to you:
- We will respond to your report within five working days, providing an assessment of the report and an expected date for resolution.
- We will handle your report confidentially and will not share your personal information with third parties without your consent, unless required by law.
- We will keep you informed of the progress in resolving the issue.
Our goal:
We aim to resolve all IT issues as quickly as possible and would appreciate the opportunity to collaborate with you on any publication about the issue once it’s resolved.
Changes:
We reserve the right to revise this policy periodically. Please check our website regularly for the latest version of our Responsible Disclosure policy.