CVD report | Berenschot

Report vulnerability

At Berenschot, we consider the security of our systems to be of utmost importance. Despite our diligent efforts to safeguard our infrastructure, it is possible that vulnerabilities may still exist. Should you identify a weakness in one of our systems, we kindly request that you inform us so that we may take appropriate measures as swiftly as possible. We are committed to working collaboratively with you to enhance the protection of our clients and systems.

We respectfully ask that you:

  • Submit your findings via email to security-alerts@berenschot.nl,
  • Refrain from exploiting the vulnerability, for instance by downloading more data than necessary to demonstrate the issue, or by accessing, deleting, or modifying third-party information,
  • Avoid disclosing the issue to others until it has been resolved, and promptly delete any confidential data obtained through the vulnerability once it has been addressed,
  • Abstain from using methods such as physical security breaches, social engineering, distributed denial-of-service (DDoS) attacks, spam, or third-party applications,
  • Provide sufficient detail to enable us to reproduce and resolve the issue effectively. Typically, the IP address or URL of the affected system and a description of the vulnerability will suffice; however, more complex issues may require additional information.

Our commitments to you:

  • We will respond to your report within three business days, providing our assessment of the issue,
  • Provided you have adhered to the aforementioned conditions, we will not pursue legal action in relation to your report,
  • We will treat your report with strict confidentiality and will not share your personal information with third parties without your explicit consent, unless legally required to do so. Reporting under a pseudonym is permitted,
  • We will keep you informed of the progress made in resolving the issue,
  • As a token of our appreciation, we offer a reward for a report concerning a previously unknown security vulnerability. The amount of the reward will be determined based on the severity of the issue and the quality of the report.

We strive to resolve all reported issues promptly and to keep all relevant parties informed. We would also like to be involved in any potential publication regarding the issue once it has been fully resolved.