Responsible disclosure
Despite careful security measures, it is possible that a vulnerability exists in one of our systems. If you discover a weakness, we greatly appreciate you reporting it to us so we can take swift and appropriate action.
Vulnerabilities may come to light in different ways, for example, by accidentally encountering them during normal use of our digital services, or by actively investigating potential weaknesses.
Our responsible disclosure policy is designed to enable responsible reporting of security issues. It is not an invitation to actively or extensively scan our network for vulnerabilities. We continuously monitor our systems through a Security Operations Centre (SOC). Active scans are likely to be detected and may trigger unnecessary investigations and costs.
Guidelines for reporting a vulnerability
We kindly ask you to adhere to the following:
Report your findings via security@visser-visser.nl;
Do not exploit the vulnerability, e.g., by downloading more data than necessary to demonstrate the issue, or by viewing, changing, or deleting data from others;
Do not share the issue with third parties until it has been resolved;
Do not carry out attacks such as physical access, social engineering, DDoS, spam, or third-party application abuse;
Provide sufficient information to reproduce the problem, such as a URL, IP address, description of the vulnerability, and technical context if applicable.
What you can expect from us
You will receive a response within three business days, including an assessment and estimated resolution date;
If you follow the guidelines above, we will not take legal action against you for the report;
We will treat your report confidentially and will not share your personal data without your consent;
We will keep you informed about the progress of resolving the issue;
If the issue is publicly disclosed, we will credit you as the discoverer (unless you request otherwise);
As a token of our appreciation, we may offer a reward for any report of a previously unknown vulnerability. The reward amount depends on the severity and quality of the report, with a minimum value of €50 in gift vouchers.
We aim to resolve all issues as quickly as possible and are open to jointly publishing the issue once it has been resolved.