Responsible disclosure
At Shock Media, we consider the security of our systems a top priority. Despite our continuous efforts in securing our systems, it is always possible that vulnerabilities may be present. If you discover a vulnerability or weak spot in the security of our systems, we would like to know about it so we can take steps to address it as quickly as possible. We kindly ask for your cooperation to help us better protect our clients and our systems.
We would like to ask you to:
- Email your findings to trustcenter@shockmedia.nl. You can encrypt your findings with our PGP key to prevent this critical information from falling into the wrong hands.
- Not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or by deleting or modifying other people’s data. We will take every report very seriously, even if you do not provide us with ‘evidence’.
- Delete all confidential information obtained through the breach as soon as possible after our confirmation that we have been able to reproduce the issue.
- Not scan our network or infrastructure for vulnerabilities excessively. We have monitoring in place and will likely detect and investigate such scans, which may result in unnecessary costs.
- Not use physical security attacks, social engineering, phishing, or distributed denial of service, and not place any malware or backdoors on our systems.
- Treat any information about the issue as confidential and not share it with others.
- Provide sufficient information to reproduce the problem so we can resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will suffice, but complex vulnerabilities may require further explanation.
If you do, we promise:
- We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date.
- If you have followed the instructions above, we will not take any legal action against you in regard to the report.
- We will handle your report with strict confidentiality and will not pass on your personal details to third parties without your permission. You can report your findings under an alias.
- We will keep you informed of the progress towards resolving the problem.
- If we publish any information about the reported problem, we will mention you as the reporter unless you prefer otherwise.
- Although there is no financial reward, if you report a significant security problem that is still unknown to us, we would be happy to reward you with a small gift as a token of our gratitude.
- If you wish, we can also include you as a reporter in our Acknowledgments.
We strive to resolve all problems as quickly as possible, and we would like to play an active role in any publication about the problem after it has been resolved.
Acknowledgments
Shock Media thanks the following individuals and organizations who have identified vulnerabilities in accordance with our Responsible Disclosure Policy.
2023
Shubham Pise
2020
Ronak Nahar
2019
Mubassir Patel