Datarotonde

Responsible Disclosure

Reporting Vulnerabilities

Datarotonde attaches great importance to providing a secure integration platform and safe services. We therefore consider it essential that the security of the systems and services under our management is in good order. Nevertheless, a weakness in security may exist or arise that Datarotonde is not yet aware of.

Who can report vulnerabilities

A security weakness can be discovered by external parties as well as by employees of Datarotonde. We appreciate being informed about such issues so that they can be resolved as quickly as possible.

Datarotonde does not operate a bug bounty program and unsolicited penetration tests or security scans are not appreciated.

What is expected from the reporter

When reporting vulnerabilities, it is important to handle the information responsibly and to make clear agreements about follow-up. If you discover a vulnerability, please:

  • Contact the Datarotonde customer service as soon as possible and report your findings.
  • Handle the information responsibly and do not share it with others until the vulnerability has been resolved.
  • Do not collect more data or perform actions beyond what is necessary to demonstrate the vulnerability.
  • Do not abuse the discovered vulnerability.
  • Delete all obtained data related to the vulnerability once it has been resolved.

How to report a vulnerability

Vulnerabilities can be reported to the Datarotonde customer service, available on business days from 08:00 to 18:00 via:

Please include at least:

  • The system in which the vulnerability was found, including URLs, IP addresses or other identifying information.
  • A clear description of the vulnerability, optionally including steps to reproduce the issue.

What a reporter can expect

A person reporting a vulnerability can expect:

  • A confirmation of receipt and a substantive response as soon as possible.
  • That the report will be handled confidentially.
  • That personal data will not be shared with third parties without consent, unless legally required.
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.