Responsible Disclosure

Lardum takes the security of our systems very seriously. Despite our massive efforts to provide the best security for our systems, nothing is perfect. If you discover a vulnerability within one of our systems, please reach out to us. This allows us to take proper measures as quickly as we can.

Vulnerabilities can be discovered in two different ways: accidentally, while engaged in ‘regular’ use of our services, or deliberately, by targeting our systems and putting effort into discovering vulnerabilities. Our responsible disclosure policy is not an invitation to conduct active and advanced scanning of our systems in order to find a vulnerability. We actively monitor our own networks and systems, which may result in your activity being picked up, leading to an investigation and a possible fine.

We would like to work together in order to provide even better security to our systems.

What we ask from you:

  • Report your findings on this page (use the button at the bottom of the page).
  • Do not exploit or abuse the problem, for example by collecting more data than necessary, browsing through data of third parties, or erasing or editing data. We always take your reports very seriously and will always investigate every suspected vulnerability.
  • Do not share the problem with anyone else until the problem has been solved, and erase all collected confidential information after the problem has been solved.
  • Do not make any attempts involving the penetration of physical security, social engineering, distributed denial of service, spam or third-party applications.
  • Provide a detailed summary of information that gives us the ability to reproduce the problem. This allows us to solve the problem as fast as we can. Usually the IP address or the URL of the affected system and a brief explanation of the vulnerability will do. However, more complex problems may require some additional information.

What we promise:

  • A response time of 5 workdays with our assessment of your report, and an estimate of when the problem will be solved.
  • We consider your report confidential and will take all measures to ensure confidentiality. We will not share any personal information with any third parties unless this is necessary to comply with legal requests. Submitting reports under an alias is possible.
  • We will keep you up to date on our progress in solving the problem.
  • If you comply with the requirements mentioned on this page, we will not take any legal action against you in regard to the report.
  • A one-time financial reward of €25 for regular problems and €50 for serious problems.
report vulnerability