At NT-ware, we take the security of our IT systems seriously and value the security community. Disclosure of security weaknesses helps us to safeguard the security and privacy of our users by acting as a trusted partner. This policy underlines the requirements and mechanisms of NT-ware’s IT Systems and Product Vulnerability Disclosure. It enables researchers to report security vulnerabilities safely and ethically to the NT-ware IT Operations team.
This policy applies to everyone, i.e. to NT-ware employees and any party associated with NT-ware.
The NT-ware IT Operations Team is committed to protecting NT-ware's customers and employees. As part of this commitment, we invite security researchers to help protect NT-ware by proactively reporting security vulnerabilities and weaknesses. You can report the details of your finding(s) to: firstname.lastname@example.org
Domains in scope
The table below lists all domains included as part of the NT-ware Vulnerability Disclosure Policy.
uniFLOW Online product in scope
For more information, click here: NT-ware and uniFLOW Online DNS and IP addresses
Reporting a vulnerability
You can report weaknesses to us by email: email@example.com, stating concisely what weakness(es) you have found, with as much detail as possible, together with any evidence you might have. N.B.: be aware that NT-ware security specialists will review the message.
Please include the following information in your email:
What is not acceptable?
What do we do with your report?
NT-ware IT Operations Team will investigate your report and contact you within five working days.
We will only use your personal details when considering what action to take based on your report. We will not share your personal information with others without your express permission.
Potentially illegal actions
If you discover a weakness and investigate it, you should be aware that you might perform actions punishable by law. Provided you follow the rules and principles below when reporting weaknesses in our IT systems, NT-ware will not report your offense to the authorities and will not submit a claim.
However, you need to know that the public prosecutor's office – not NT-ware – may decide that you should be prosecuted, even if NT-ware has not reported your offense to the authorities. That is, NT-ware cannot guarantee that you will not be prosecuted if you commit a punishable offense when investigating a weakness.
The National Cyber Security Centre of the Ministry of Security and Justice Netherlands has created guidelines for reporting weaknesses in IT systems. NT-ware’s rules are based on these guidelines. (Home - National Cyber Security Centre)
Take responsibility and act with extreme caution. When investigating the matter, only use methods or techniques necessary to find or demonstrate weaknesses.
You must not:
Frequently asked questions
Will I receive a reward for my investigation?
No, you will not receive any compensation.
Am I allowed to publicize the results of my investigation?
Never publicize weaknesses in NT-ware IT systems and products or your research without consulting us first via email: firstname.lastname@example.org. Please consult with our IT Operations Team to work together towards publication so that we can collaborate to prevent third parties/criminals from abusing this information.
Can I report a weakness anonymously?
Yes, you can. You do not have to disclose your name and contact details when you report a weakness. Please realize, however, that NT-ware will be unable to consult with you regarding follow-up actions or further collaboration.
What shouldn't I use this email address for?
The email: email@example.com is not intended for the following: