If you have found a weak spot in one of our systems, we would like to hear about this from you directly, so necessary measures can be takens as quickly as possible. In order to enhance system security responsibility, we kindly draw your attention to the following.
We ask you kindly:
- to email your findings to firstname.lastname@example.org
- to provide us with sufficient information to reproduce the problem, so that our team can address it as quickly as possible. The IP address or the URL of the system or API affected and a description of the findings are usually sufficient..
- to leave you contact details, so if we have any questions we can contact you.
- to report your findings as quickly as possible after its discovery.
- not to share any information on the findings with any other party than designated persons at Prepr.
- to handle the knowledge on the findings with care by not performing any acts other than those necessary to reveal the findings.
We expect you not to:
- install malware.
- copy, change, or delete data in a system.
- make changes to code or records.
- repeatedly access the system or share access with others than designated persons at Prepr.
- use so-called “brute force” to access systems.
- use denial-of-service or social engineering to access systems.
- use any software to automatically check for potential leaks in our systems.
- perform any action that might potentially have a disruptive effect on our systems.
What can you expect:
- Prepr does not share your personal details with third parties without your permission, unless this is mandatory by any law or regulation.
- Only after mutual consultation, your name can be mentioned as the person who made the findings.
- Prepr will send you a confirmation of receipt as soon as reasonably possible (at most 2 weeks, depending on the seriousness of the findings).
- Prepr offers a reward as thanks for help. Depending on the seriousness of the findings and the quality of the report, the reward can vary from a merchandise T-shirt up to to a maximum EUR 100 in gift vouchers. It must at least concern a serious finding that is unknown to our team and. (With a maximum of EUR 250 per person/organisation). Please note that it is not allowed to use any software tools to check for potential leaks.