Follow my blog with Bloglovin

Vulnerability disclosure

At Fellow Digitals, the safety of our systems is very important to us. In spite of our care for the security of our systems, it can still happen that there is a weak spot.

Should it be the case that you have detected a weak spot in one of our systems, we ask you to inform us as soon as possible. That way, we can take the necessary measures.

Please consider the following points:

  • Immediately contact our Security team via privacy@fellowdigitals.com and describe the findings in general terms, so that third parties cannot abuse this report. You will then be contacted as soon as possible.
  • Do not abuse the problem by, for example, downloading more data than is necessary to prove the leak or accessing, deleting, or modifying third party data.
  • Do not share the problem with others until it has been resolved and delete all confidential data obtained through the leak immediately after the leak has been plugged.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications.
  • Provide sufficient information to reproduce the problem so that we can solve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more information may be needed for more complex vulnerabilities.

What we promise:

  • We will respond to the report within 3 days with our assessment of the report and an expected date for resolution.
  • If you have complied with the above terms and conditions, we will not take any legal action against you regarding the report.
  • We will treat your report confidentially and will not share your personal details with third parties without your permission unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible.
  • We will keep you informed about the progress of solving the problem.
  • In reporting the reported problem, we will mention your name as the discoverer if you wish.

We strive to solve all problems as quickly as possible and we would like to be involved in any publication about the problem after it has been solved.