Report a Security Breach (Coordinated Vulnerability Disclosure -CVD)
At EDSN, we place great importance on the security of our systems and data. Despite our efforts, vulnerabilities may still exist. We invite you to collaborate with us in improving our digital security.
What is a security breach?
A security breach, also known as a vulnerability, is a weak spot in a system, application, or network that can be abused by an attacker. Exploiting security breaches can lead to security risks. In the worst case, systems can fail (availability), data in a system can be changed (integrity) or data can become accessible to people who are not authorized to do so (confidentiality).
How do I report a security breach?
You can report a (suspected) vulnerability to EDSN via the form at the bottom of the page or by sending an email to [email protected].
Please include in your report:
- A clear description of the issue
- Steps to reproduce the issue
- Your contact details (preferably an email address for communication)
We ask you to:
- Avoid misuse of the vulnerability, for example by not downloading more data than necessary to demonstrate the issue, and by not accessing, deleting, or modifying third-party data.
- Refrain from sharing the issue with others until it has been resolved, and delete any confidential data obtained through the vulnerability once we have acknowledged your report.
- Provide sufficient information to reproduce the issue so we can resolve it as quickly as possible. For complex vulnerabilities, additional information may be required. We will contact you if needed.
Our commitments:
- You will receive an acknowledgment and initial response within three working days. We will keep you informed of progress and involve you in the resolution process if necessary.
- If you have adhered to the above conditions, we will not take legal action against you regarding the report.
- We will treat your report confidentially and will not share your personal information with third parties without your consent, unless required by law. Reporting under a pseudonym is possible.
- In communications about the reported issue, we will, if you wish, credit you as the discoverer.
- EDSN does not offer financial rewards or other compensation for vulnerability reports. However, your contribution is highly valued and may be publicly acknowledged, for example in a Hall of Fame.
We strive to resolve all issues as quickly as possible.
What do we do with your data?
Read more about how we handle your data in the privacy statement.