Responsible Disclosure Statement

At Enecogen, we consider the security of our systems to be very important. Despite the care we take to secure our systems, a vulnerability may still occur. If you discover a vulnerability in one of our systems, we would appreciate hearing from you so that we can take appropriate measures as quickly as possible. We are happy to work with you to protect our systems and the personal data entrusted to us—such as that of customers and employees—as effectively as possible.

We ask

Please send your findings by email to responsibledisclosure@enecogen.nl.

  • Do not exploit the vulnerability, for example by downloading more data than necessary to demonstrate the issue, or by accessing, deleting, or modifying other people’s data.
  • Do not share the vulnerability with others until it has been resolved. We also ask you to delete all confidential data obtained immediately after the vulnerability has been fixed.
  • Do not use attacks on physical security, social engineering, distributed denial-of-service (DDoS), spam, or third-party applications.
  • Provide sufficient information to allow us to reproduce the issue so that we can resolve it as quickly as possible. In most cases, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more information may be required for more complex issues.

What we promise

We will respond to your report within 5 business days with an assessment of the report and an expected date for a resolution.

  • If you comply with the above conditions, we will not take any legal action against you.
  • We will treat your report confidentially and will not share your personal data with third parties without your consent, unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible.
  • We will keep you informed of the progress while the issue is being resolved.
  • In communications about the issue, we will mention your name or pseudonym as the discoverer of the issue, if you so wish.
  • We aim to resolve all issues as quickly as possible. In addition, we would like to be involved in any publication about the issue after it has been resolved.