Responsible disclosure

At Sigmax, the security of our systems is very important to us. Despite the care we take over the security of our systems, a weakness may still be present. If you have found a vulnerability in one of our systems, we would like to hear about it so that we can take action as soon as possible. We would like to work with you to better protect our customers and our systems.

We ask you to:

✓ email findings to SecurityOfficer@sigmax.nl;

✓ encrypt findings with our PGP key to prevent the information from falling into the wrong hands;

✓ not misuse the problem by, for example, downloading more data than necessary to demonstrate the leak or accessing, deleting or modifying third-party data;

✓ not share the problem with third parties until it is resolved, and delete all confidential data obtained immediately after the leak is closed;

✓ not use physical security attacks, social engineering, distributed denial of service, spam or third-party applications;

✓ provide sufficient information to reproduce the problem. Usually the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more may be required for more complex vulnerabilities.

We promise you that we will:

✓ respond to your report within three days with our assessment and an expected date for resolution;

✓ not take any legal action against you regarding the report if you have complied with the above conditions;

✓ treat your report confidentially and not share your personal information with third parties without your consent, unless necessary to comply with a legal obligation. Reporting under a pseudonym is possible;

✓ keep you informed of the progress of resolving the problem;

✓ mention your name, if you wish, in communications about the reported problem.

We strive to resolve any problems as quickly as possible, and we would be happy to be included in any publication about the problem after it is resolved.