Coordinated Vulnerability Disclosure (CVD) at Aces Direct
Have you found a weak spot in one of Aces Direct's IT systems? Then we would like to hear from you as soon as possible. So we can take the necessary measures.
We have drawn up the policy below. This describes how to deal with reports of vulnerabilities found in Aces Direct's IT systems.
What if you found a weak spot in our system?
- We request that you email this to firstname.lastname@example.org as soon as possible.
- In the e-mail we ask you to include your contact details, so that we can solve the problem as soon as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability will suffice, but more complex vulnerabilities may require more.
- We ask for a maximum of 3 months to fix the vulnerability before it is shared with third parties.
- We request that you act responsibly with the knowledge of the security vulnerability by not taking any action that goes beyond what is necessary to demonstrate the security vulnerability.
Perhaps unnecessary, but we would like to emphasize that the following actions are prohibited by law:
- Placing malware.
- Copying, modifying or deleting data in a system (an alternative to this is making a directory listing of a system).
- Making changes to the system.
- Repeatedly accessing or sharing the system with others.
- Using the so-called “brute forcing” of access to systems.
- Using denial-of-service or social engineering.
What can you expect from Aces Direct?
- Aces Direct treats a report confidentially and does not share personal data with third parties without the consent of the reporter, unless this is required by law or by virtue of a court decision.
- You will receive a confirmation of your report from us within 3 days.
- You will receive a message within 7 working days with the assessment of the report and an expected resolution date.
- We will resolve the identified weakness as quickly as possible (within 90 days at the latest). It can be determined in consultation whether and how the problem will be communicated.
- As a thank you for helping us keep our systems safe, we're offering a reward. Depending on the level of the security problem and the quality of the report, we offer a reward (an Amazon voucher of max 100 euros).
Thanks for cooperating. For more information you can always send an email to email@example.com.