Responsible disclosure

Driessen Groep considers the security of its systems very important and therefore works every day to improve them. Nevertheless, it remains possible that a weak spot can be found in the systems. If you discover a weak spot, we would like to hear about it so that we can take immediate measures.

By making a report, you agree to the terms below. Driessen Groep will handle your report as agreed.

What does Driessen Groep ask of you?

  • E-mail your findings to security@driessengroep.nl.
  • Provide sufficient information with the report, including:
    - the IP address or URL of the affected system;
    - a step-by-step description of how to reproduce the problem;
    - any screenshots.
  • Include your contact information in your report so we can contact you with any questions.
  • Report a security breach as soon as possible after discovery.
  • Protect your own systems to the best of your ability.
  • Do not make the security problem public until it is resolved.

What actions are not allowed?

  • Viewing or downloading data belonging to anyone other than yourself.
  • Adding, modifying or deleting data in our systems.
  • Exploiting weaknesses you discover.
  • Penetrating the system more often than necessary.
  • Sharing information obtained with third parties.
  • Making system changes.
  • Using brute force, i.e., trying out all possibilities to penetrate a system.
  • Using social engineering, i.e., penetrating our system via a person.
  • Executing a (distributed) DoS attack on our services or systems.
  • Knowingly sending, uploading, linking to or posting malware.
  • Testing in a way that harasses other people, for example by having spam mail sent.

What can you expect from Driessen Groep?

  • Your report will be investigated. We will contact you shortly to go over the weaknesses you found. We would like to hear how you found them and discuss the follow-up actions we are taking.
  • We will resolve the weaknesses you found.
  • We will fix the security issue you reported as soon as possible.
  • We expect you to follow the above rules. If it appears that you have violated the above rules, we may take legal action against you.
  • We will handle the information reported by you.
  • We will keep the information you provide confidential and will not share your personal information without your permission, subject to the law.
  • We may offer a reward of up to €500. The amount of the reward is not fixed in advance and depends on the nature of the report.