Responsible Disclosure

Have you discovered a security flaw in an ICT system belonging to Pourify? We encourage you to notify us first before disclosing it to the outside world, following the practice of 'responsible disclosure.'

What to do:

  • Please send us an email to responsibledisclosure@pourify.com
  • Provide enough detail to enable us to reproduce the flaw for swift remediation. Typically, the computer's IP address or ICT system's URL, along with a description of the security flaw, should suffice. For more complex flaws, additional details may be required.
  • Leave your contact details, such as an email address or telephone number, so we can reach out to you later.
  • Report the flaw promptly after discovery.
  • Do not share any information about the flaw with others until it has been remedied.
  • Handle the information responsibly and only perform actions necessary to demonstrate the security flaw.

What not to do:

  • Do not send malware.
  • Do not copy, change, or delete data in the ICT system (you can create a directory listing of the system as an alternative).
  • Do not alter the system.
  • Do not repeatedly access the system or share access with others.
  • Do not attempt brute force attacks on the system.
  • Do not engage in denial of service or social engineering attempts.

What to expect:

  • Upon reporting the security flaw and adhering to the stated conditions, Pourify will not impose any legal consequences on your notification.
  • We treat all notifications received with confidentiality and do not share your personal details with third parties without your permission unless required by law or a court order.
  • With your consent, Pourify can acknowledge your name as the discoverer of the security flaw in our Hall of Fame.
  • You will receive an acknowledgement of receipt from Pourify within 72 hours.
  • Within three working days, we will respond to your notification, providing an assessment and the expected remediation date.
  • As the one who discovered the flaw, you will be kept informed of the progress made in remedying it.
  • Pourify will prioritize remediation, aiming to resolve the flaw as soon as possible and no later than 60 days after receiving the notification. We will collaborate with you on determining the appropriate public disclosure timeline, which will only occur after the flaw has been addressed.
  • As an appreciation of your work, Pourify will provide you with recognition and acknowledgment.

For more information, please leave your email address!

© Pourify Every drop counts.

2024 Pourify BV, Rozengracht 145, 1016LW Amsterdam, The Netherlands