We consider the security of our clients and systems a top priority but unfortunately we are not immune for human mistakes and therefore we can make mistakes in our daily job, so
unfortunately there can still be vulnerabilities present.
If you came across a vulnerability we’d like to know so we can take steps to address it as quickly as possible. If we’re working together, we’re working safer.
How to address a vulnerability
We ask you to do the following:
- E-mail your findings to [email protected].
- Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying
other people's data,
- Do not reveal the problem to others until it has been resolved,
- Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a
description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
What we promise:
- We will be thankful to you showing us the vulnerability you found.
- We will respond to your report as soon as possible of the report and an expected resolution date.
- We will not take any legal action against you if you follow the steps disclosed in the article above.
- In exceptional cases, depending on the impact of the issue we might reward you financially, this can be in store credit.
- We will handle your report with strict confidentiality, and never pass on your personal details to third parties without your permission.
- We will keep you informed of the progress towards resolving the problem.
Scope
The following properties of RoyaleHosting B.V. are in scope for the responsible disclosure program:
- *.royalehosting.nl
- *.royalehosting.net
- Internal systems in management of RoyaleHosting B.V.
These items are excluded:
- Issues which have been already submitted;
- Physical attacks against RoyaleHosting B.V. or their employees;
- Misconfigured header items;
- Social engineering of RoyaleHosting B.V., their employees, contractors, vendors or service providers;
- Knowingly posting, transmitting, uploading, linking to, or sending any malware;
- Applications, websites or other properties of RoyaleHosting B.V. their customers;
- Misconfigured DNS records;
- UI- and UX-bugs and spelling mistakes;
- Network level Denial of Service (DoS/DDoS)-vulnerabilities;
- Applications and systems which aren’t disclosed under the above “Scope” statement.
Happy hacking!