• Goedkoopste van Nederland
  • Alles online
  • 8 op Zorgkiezer
    • 4
    • 4
    • 4
    • 4
    • 4
Icon ZoekenZoeken
naar: Contact opnemen met VinkVink

Responsible disclosure English

Are you a specialist in information security and have you discovered a vulnerability? Please report it to us so that we can take appropriate measures. We are happy to work with you!

Help improve online security

At VinkVink, the protection of customer data is paramount. That is why we continuously work on the availability and security of our systems, network, and products. Despite our efforts to secure our systems, they may still contain vulnerabilities.

If you are knowledgeable in the field of information security and have discovered a potential vulnerability, please report it to us so that we can promptly take appropriate measures. We are eager to collaborate with you to better protect our customers and our systems.

Our Responsible Disclosure policy (hereinafter referred to as the RD policy) is not an invitation to actively scan our corporate network for weaknesses. We have taken measures to address this ourselves. If you do so, there is a high chance that our Security Operations Centre (SOC) will investigate it.

Reporting a vulnerability

If you have found a vulnerability, you can email your findings to rd@vinkvink.nl. Upon receiving your report, it will be handled as follows:

  • You will receive an acknowledgment of receipt within three business days of the report.
  • Within five business days of the acknowledgment, you will receive a response containing an assessment of the report and the expected date of resolution. We strive to keep you informed of the progress in the meantime.
  • VinkVink treats your report confidentially and will not share your information with third parties without your permission, except where required by law or a court order.
  • We will jointly determine whether and how the reported problem will be disclosed. Disclosure will only occur after the problem has been resolved. In the disclosure regarding the reported problem, VinkVink may, if desired, mention your name as the discoverer.
  • By reporting a vulnerability, you may share personal data with VinkVink. VinkVink will not retain this data longer than necessary for this specific purpose and will delete it no later than one month after the issue has been resolved.

Guidelines

During your research, you may perform actions that could be considered illegal. If done in good faith and with good intentions, there is no reason for VinkVink to file a complaint or claim damages. Therefore, we kindly request that you follow the guidelines below and act responsibly:

  • Do not share the discovered problem with others until it has been resolved, and immediately delete any confidential data obtained through the vulnerability after the vulnerability has been addressed.
  • Provide us with as much information as possible about how and when the vulnerability occurs. Clearly describe how this problem can be reproduced and provide information about the method used and the time of investigation.
  • Handle the knowledge of the security issue responsibly.
  • Do not perform actions that go beyond what is necessary to demonstrate the security issue.
  • Do not abuse the vulnerability by, for example, downloading more data than necessary or accessing, deleting, or modifying third-party data.
  • Share your contact information (email address or phone number) with us so that VinkVink can contact you regarding the assessment and progress of the vulnerability's resolution.
  • Do not make any changes to the system.
  • Do not use social engineering to gain access to a system.
  • Try to access the system only when necessary.
  • Do not use brute force techniques to gain access to the systems.
  • Secure your own system as effectively as possible.

The email address provided in this RD policy is not intended for:
Reporting that our website or any of our services are unavailable.
Reporting complaints. These can be reported through the complaints chat.
If you have received a fake email (phishing), report it via VinkVink's chat.
Reporting HTTP security headers-related matters, such as:

  • Strict-Transport-Security
  • X-XSS-Protection
  • Content-Security-Policy
  • Reporting cache purge opportunities
  • Report visibility of Google API keys

Employees of VinkVink and its affiliated companies follow the existing internal incident procedure for reporting vulnerabilities.

National Cyber Security Center (NCSC)

This policy is based on the Responsible Disclosure Guideline established by the NCSC of the Ministry of Security and Justice.

Last modified Responsible Disclosure policy: June 2023

VinkVink maakt gebruikt van cookies

Functionele cookies zijn nodig voor de werking van onze websites en apps en worden daarom altijd geplaatst. Analytische cookies helpen ons om inzicht te krijgen in hoe de website wordt gebruikt, zodat we de website kunnen verbeteren. Met deze beide cookies worden geen persoonsgegevens verzameld.
Cookies voor marktonderzoek en marketing plaatsen we alleen met jouw toestemming. Hiermee weten we bijvoorbeeld welke pagina’s je bekijkt op onze website; ook vergoedingenpagina’s. Met deze informatie kunnen we onze website, advertenties op social media en e-mails afstemmen op jouw voorkeuren. Op pagina's met informatie over vergoedingen en in onze MijnOmgevingen plaatsen wij geen pixels van social media platformen. 
Klik je op ‘Accepteren’ dan plaatsen we alle cookies. Klik je op ‘Weigeren’ dan plaatsen we functionele en analytische cookies. Klik je op ‘Instellingen’ dan kun je zelf kiezen welke cookies we plaatsen, of je toestemming wijzigen of intrekken. Meer informatie vind je in onze Cookiepolicy.

Instellingen