Responsible disclosure

Responsible disclosure

Do you see a weakness in our IT systems? If so, always contact us as soon as possible. Don't wait.

Responsible disclosure
Reconi is committed to providing secure online services. Despite all the care and effort, situations may arise where there is a vulnerability. Are you knowledgeable and discover a vulnerability in our systems? Then help us by reporting this vulnerability to us. This way, together we can improve the security and reliability of our systems.

What can you report?
You can report problems related to the security of services Reconi offers over the Internet. If you have found a vulnerability or weakness, please report it to us as soon as possible.

How to submit a report
You can submit your report by email at responsible.disclosure@reconi.nl. In your email, make it briefly and concisely clear what vulnerability you have found, specifically:

  • What steps you went through
  • Which is the full URL
  • Which IP addresses
  • What, if any, objects are involved (e.g., which input fields or filters)
  • Screen prints are welcome

Can I report a vulnerability anonymously?
Yes, you do not have to give your name and contact information when you report a vulnerability. Please note, however, that we will then not be able to discuss the next steps with you.

What will we do with your report?
Our specialists will read your report and get to work on it. You will be contacted within 2 business days with an initial response and to make arrangements for the next steps. Do not make the problem public, but talk to our specialists and give them time to solve the problem.

Your privacy
We use your personal data only to take action on your report. We will not give your personal data to others without your permission, unless we are required by law to give up your data. Or if we engage another company to further investigate your report. In that case, we will always ensure that they, in turn, also keep your data confidential in the same way as we do. We remain responsible for your data even then.

The Rules of the Game
In the course of the investigation, you could potentially commit acts that are punishable. If you act in good faith, carefully and according to the stated ground rules, there is no reason for Reconi to report you. Therefore, please follow the rules set out in these responsible disclosure regulations:

  • While investigating the vulnerability found, make sure you do not do any damage.
  • Do not use social engineering to gain access to a system.
  • Under no circumstances should your inquiry result in an interruption of our services.
  • Under no circumstances should your research result in disclosure of organizational or client information.
  • Don't put a backdoor in a system. Not even to demonstrate vulnerability.
  • Do not modify or delete data in the system. Does the research require copying data from the system? If so, never copy more data than necessary. If 1 record is sufficient for your research, do not continue.
  • Do not make any system changes.
  • Do not attempt to invade a system more often than necessary. If you are successful in penetrating a system, do not share access with others.
  • Do not use bruteforce techniques (repeatedly trying passwords) to gain access to systems.
  • Do not use techniques that may affect the availability of our services.

Other conditions
We can only accept reports written in Dutch or English.

Differing international regulations
We recommend that you take into account country-specific legislation. Do you live abroad and find a vulnerability? Please realize that our Responsible Disclosure policy does not apply in every country. Thus, you may still be in trouble with the law, even if we do not report the vulnerability to the law.