We are happy to work with you to resolve this situation as soon as possible. And request you share information with us via email@example.com. To prevent a potential vulnerability being abused by others, we ask you use the following guidelines:
- Provide sufficient information (for example, a detailed description including IP addresses, logs, how to reproduce the vulnerability, screenshots, etc.) so that we can handle your message as effectively as possible.
- Do not share knowledge about the vulnerability with others, until the leak has been repaired.
- Do not abuse the vulnerability.
Once a vulnerability is reported, we will contact you within 5 workdays to make arrangements for a reasonable period of recovery and a possible coordinated publication of the vulnerability.
To date we have received the following comments for which thanks!
- By @MatteKlap on November 3, 2015 via Twitter "SSL has connection with RC4_128 for encryption?" (solved within a day)
- By anonymous on April 6, 2016 in response form of news report "the certificate of the intermediate CA not send, so Firefox does not trust the website" (resolved within 90 minutes)
- By Anonymous on April 6, 2016 in response form of news item "problem with mail server" (resolved within 13 hours)
- On April 11, 2016, NCSC pointed us to "improper use of email address created in 2014", reported via Twitter by @mramsmeets (research on this has been completed on April 25 and concerning four persons have been removed from our mailing list, on May 20 is also a message published)
- Notification 7 June 2016 by @marcodavids on Twitter: improvement possible with respect to IPv6 and protection against diversion to false IP addresses (DNSSEC) (resolved within half a day)
- Report 18 Aug 2017 by Jeffrey Harders regarding unsafe url iipvv.nl: proposal submitted by referral was also realized on 18 August by the National Government.