At Hoplr, we consider the security of our systems to be very important. Despite our concern for the security of our systems, it is possible that there is still a weakness.
That is why we have a responsible disclosure policy for which we collaborate with the platform Intigriti.
The security researchers who log in to Intigriti can investigate certain parts of our systems and report potential bugs through this platform.
If you have found a vulnerability in one of our systems, please report it so we can take measures as soon as possible.
We would like to work with you to better protect our users, customers and our systems.
Do not abuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or adjust data from third parties,
Do not share the problem with others until it is resolved and erase all confidential data obtained through the leak immediately after the leak is closed,
Not to use attacks on physical security, social engineering, distributed denial of service, spam or third-party applications,
Provide sufficient information to reproduce the problem so that we can resolve it as soon as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more complex vulnerabilities may require more.
What we promise
We will respond to your report as soon as possible with our review of the report and an expected resolution date,
If you have complied with the above conditions, we will not take legal action against you regarding the report,
We treat your report confidentially and will not share your personal data with third parties without your permission, unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible,
We will keep you informed of the progress of solving the problem,
In reporting on the issue, we will, if you wish, state your name as the discoverer.
We strive to resolve all issues as quickly as possible and are happy to be involved in any publication about the issue after it has been resolved.
This text is a derivative work of Floor Terra's "Responsible Disclosure", used under a Creative Commons Attribution 3.0 license.