Responsible Disclosure - ChipSoft

Home
Organisation
- Our ambitions
- History
Solutions
News

Contact

At ChipSoft, we greatly value the security of our systems, products and network. We realize that, even though we take great care in our security, vulnerabilities can occur. Should you find such a vulnerability, we'd like to know. We'll make sure to fix it as soon as possible.

What we expect of you:

Please email your finding to responsible-disclosure@chipsoft.nl. You can encrypt your message with our PGP-key to prevent the information from falling into the wrong hands.
Don't misuse the vulnerability by downloading, editing or deleting data. We take each disclosure seriously and don't need 'proof' to research it.
Don't share your information with others until we've solved the problem.
Don't attack physical protections, use social engineering or use hacking tools such as vulnerability scanners.
Provide us with enough information to reproduce the problem, as to make the solution process as quickly as possible. Usually the IP or URL of the system in question and a description of the vulnerability is enough. However, in case of complex issues, more information could be necessary.

What you can expect of us:

We'll react to your disclosure within three working days, including an expected solution date. We'll keep you up to date afterwards about the progress of fixing the issue.
We fix the vulnerability as quickly as possible, depending on the impact, scope and severity of the issue.
If you adhere to the aforementioned expectations, we'll refrain from reporting you to the police.
As a sign of gratitude for protecting our systems, we'd like to reward your effort with some ChipSoft goodies and a reference on our wall of fame. This reward is dependent on the severity of the vulnerability and the quality of the disclosure.

ChipSoft would like to thank the following people for making a responsible disclosure report and for communicating a vulnerability in our ICT environment. This allows us to safeguard the security of our systems even more effectively.

Hall of fame:

Aman - d24b85f1-a335-46be-85f7-7472d917eb9c
Sovon Bhattacharya - 2c319392-2109-4eef-a06b-bd6c6d5e958b
MGous Khatik - 2hbd83rg-7201-g779-s798-11fbh7495ms3
Arjun E - 9h312257-2109-4nbf-b09a-tg6c6d6m625s
Zain Iqbal - ba2db7e9-dabf-471b-a3e5-c4c06ae05473
Nathan van Haaster - ccfb2644-2435-4ab6-9267-60846a28a864

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGh6K8sBEACz6+mvAbp+lRn7s+Nd6mEnWzq+6AdlhiJ2WeHhXnlJUnk7hHCy
WDdmfZ+ydvVRoHYfubWPxRLeXJJL259K13xhHtUstx7u9fd4URgZPvr/lDIzWctk
6V3Vs8cMOb9S4n+G7joeP+vgFWarz8k6iYWun6Pf5MN2t70jN/XtNgwJlqZlIjLc
gXIDbOlKsgHDi3EaOtWhUC5TO8Hy2lxgrVqnV3retGywHE99z4ykq5XujuPl5Oy5
WmXog2QZpYSAsovblTRFeFzmO8WNA+VNUCTyDIYwtmiqIR4fWqnebFQj5ZF5kO6F
OVCgb4WJitEMlxS9OJIB4lloRN7hPFdCqoiOgGi0KoM3d2mWuDNxqTnVLrQDYuml
ETthH5y8fhUNfXgW/YvobZOLmI82Jjymrwr8M5bfCCJ07nDmncs4a5ar0a3Fqqh7
f3hq9J+5oXX7NysYE+J+L2XNLPtkNVBl1pkeCiNlhHI+lMQEgHYpbiSXABlWTrAK
h8Rr63bSjSbaTK1muvIFuoUB5GxrV6R295lVjrQ2vRoXbVKTiZqexRguJPIrxaz5
/50PiaUYEm5OAwmGrthop9WfzdHbn3rk6s2lgov2GQZYF7pkbrMh+DcRwQepyHEa
Wzhk86WgYB+18N0l3L1A+URzmbBzItRl45/4id42iYe2rfw3jQQHMkHjwQARAQAB
tEpDaGlwU29mdCByZXNwb25zaWJsZSBkaXNjbG9zdXJlIDIwMjUgPHJlc3BvbnNp
YmxlLWRpc2Nsb3N1cmVAY2hpcHNvZnQuY29tPokCUwQTAQgAPhYhBBbQnMXghcjq
anUGtrpBgV9Wj4drBQJoeivLAhsDBQkDwlZVBQsJCAcCBhUKCQgLAgQWAgMBAh4B
AheAAAoJELpBgV9Wj4driPwP+NjR5efNGET1umyIMAdB1y4hv0EqRg9ngI33HZyX
QFI5adelB1sd9zLHuxjOOAltEWR8ueJvm3J97sC2k+mbTIynXpU37dtDIW+Wkg9C
9ipifCpuwOTtvEMSmfwe/L8O8qNKwvH+YFG/fJzF9zUYt1AdYdzO6yO3iEcL6ILz
WIUZjo3nyuUKHvBT9RCvstWeoEA/DCkEf36oPfhvC4fXNze3wwZ+qG1/h1p4dLXc
TEw97COIBq8bZ4cTsXuhWhG8PiqDaNuZ91Usr/yY+jRmBbngH4I3Vmm95C5tObDe
OHV3nPrybWir/0LMqpjGzsGBxm4L1S3GKbHuO5OwmGU+OU8FzCCmFs7trb42sb0e
arC27Ap051vtk5p1x0enl3VFpI4851uCWPPLq3zE3GxlX7HF7vka4bDFiwrXLMDB
pjQ0JkfOS8QPcgsI0+Ha/ayy8cg62s7PuP1FE0KcZGQCGKMIfokTvxS80qr2jG94
t9lZwnT1VeeUApj2QEnqplZN57JEll2b/Vzjw2jMFSd69JWcEQa5IHrDBd/JsM/C
/duSWRKLez0QREf/mVz67P313BqIKx4fzFnfReXNtsZ4CAt382A/8bdIhEvvW0wd
P1ZhI1hCI4r6YgYePQFKXYNyJU04KcjHgfg+Y0zCyzaKUgLnoSeB5TsM6odn/OAV
LLO5Ag0EaHorywEQAMXAvX2h9VHQP99YKfmWz3GSmdQA3fxnuqfYQpUTVSb/hEq7
/X+zpblu1Frcv26A4XtB8xnkslJ+qgfRo+/kjfkXm6iJG9DpaiNs/MayAwTxMxyE
XsJnh7gNHtyA8uQLsh5xY+IzNHZVP141zDmNPdNLsMbP5H4N1yybdLSNBqwVD3p5
wqAQQ55R06XZpOX5egT5ltsMikUxp3wMWTY9wX4lbZq8+rywJ3U+MO83sMxKb4ON
5QzrPBWGp8yBQQS1T56u+SXtG96f8PxlUPQVRjmPvkbPY81f+1/zpKdJqq9v/HLW
Fbv380MyWRvshseQgSVViYelQ7EbZXvMTTaN6NT7E02rrZGhSBUPGFq0Kz+GcpVM
0zonIuS4K+ff5Dkvpt1h+sH+OkPzjH2jmD7JiygBErbTNkvO8L5aS9iNSq8X2YUm
Rj82VnneNmhLw0dk2raLwqlpCeiv/kZ6Nh/EPqLSbAbux+sLdwyGRiti3jKVgYXd
XLcIFWrxN//cDlBLnZtLH3MOn36svEAsTBKJKTm5Uqhn9r9sLLvUmPnv55B/pY2o
xYkbBfi6C3LhyQflU3HnKGxx+lPKvVEEm5djZfYtsmgF4gCXZ4OedeIVmPHXvjQS
oTtDJcdDIIq02Ze0UYmyTKjrmD1HvjJr6NcBhsoF+3MTi5Nd85anXWrBe45DABEB
AAGJAjwEGAEIACYWIQQW0JzF4IXI6mp1Bra6QYFfVo+HawUCaHorywIbDAUJA8JW
VQAKCRC6QYFfVo+Ha9JGD/41/hwyZ973vljOzulsepL1tP6Ad1Fd0S19bZEMpy/8
1TLzqUE0ig718j7SYMxY2f09P+mQKe0S0KmmyTDjD5qXon1GSyQanl2J7ZFCpgaj
n/KN7xZAyqaR5QOsTWpqbgKHRtE+vMB4t1MwzlugM7NZZZPhvzreZSr/63RJT852
wKDq6Mw7qYn+Nlq2i31tasVdgEgnz52tc45x4VdhGITQB3PKype8nYeVquGvcCOj
vYD9vhEdFEBOSHWHzqa+IULoswvytM1KAdeP1bETa2g75mh7jO59dU/rR2Z5X937
fAy6bB98E2dzYhpSCwJ3vA97el0foDrAlA61/zVQKl13RmAtZD5ZL4Gu8kMMX7AR
RO2OslwTvQZ00oaIQ5vskzBhW4+mZtZTduepMF6qGz9gtwond4q52kqtUusQ31NY
hKMWVLpXm4HbuV7JzdW1VmFk5jKaRMVR2Fi3i2vGPq98IssSdGeh0YsO5r+zlI2j
f5BIwCdQX1hiMKQYEySbp+xjLNQsfe37iry9ER/W+B6KRlyhrZm6BZD9vVwCv6cD
D10ohlZFrszMTBdVb6uon4dZAZW4LGwo8up4+Wz43V1en5C9c0q30wQpqBSE/7QB
kxso4dYQPYPvFUn1Bd+WivbD7wsb1zCLy/TVY/YE925dOYqyoBgkFWmL0VsqaIh1
dg==
=1Bsz
-----END PGP PUBLIC KEY BLOCK-----