Coordinated Vulnerability Disclosure (CVD)

At Polpo, we take the security of our systems very seriously. Despite our efforts to ensure security, it is possible that a vulnerability may still exist. If you discover a weakness in one of our systems, we kindly ask that you report it to us as soon as possible so we can take appropriate measures.

How can you report a vulnerability?
Reports can be sent confidentially to: legal@polpo.nl

When reporting, please include a clear description of the issue, including where possible:
– The URL or system where the issue occurs;
– A brief explanation of the vulnerability and its potential impact;
– Any steps to reproduce the issue.

What can you expect from us?
– We treat your report confidentially and will not share any personal data without your consent.
– We will contact you within a maximum of 5 working days regarding the assessment and progress.
– We will resolve the issue as quickly as possible and keep you informed.

Responsible disclosure
– We ask that you:
– Do not misuse the vulnerability;
– Do not copy, alter, or delete data of others;
– Do not use systems or methods that pose a risk to availability or integrity (such as DDoS, social engineering, or brute force attacks).

.