ChipSoft - Responsible Disclosure International

At ChipSoft, we greatly value the security of our systems, products and network. We realize that, even though we take great care in our security, vulnerabilities can occur. Should you find such a vulnerability, we'd like to know. We'll make sure to fix it as soon as possible.

What we expect of you:

Please email your finding to responsible-disclosure@chipsoft.nl. You can encrypt your message with our PGP-key to prevent the information from falling into the wrong hands.
Don't misuse the vulnerability by downloading, editing or deleting data. We take each disclosure seriously and don't need 'proof' to research it.
Don't share your information with others until we've solved the problem.
Don't attack physical protections, use social engineering or use hacking tools such as vulnerability scanners.
Provide us with enough information to reproduce the problem, as to make the solution process as quickly as possible. Usually the IP or URL of the system in question and a description of the vulnerability is enough. However, in case of complex issues, more information could be necessary.

What you can expect of us:

We'll react to your disclosure within three working days, including an expected solution date. We'll keep you up to date afterwards about the progress of fixing the issue.
We fix the vulnerability as quickly as possible, depending on the impact, scope and severity of the issue.
If you adhere to the aforementioned expectations, we'll refrain from reporting you to the police.
As a sign of gratitude for protecting our systems, we'd like to reward your effort with some ChipSoft goodies and a reference on our wall of fame. This reward is dependent on the severity of the vulnerability and the quality of the disclosure.

ChipSoft would like to thank the following people for making a responsible disclosure report and for communicating a vulnerability in our ICT environment. This allows us to safeguard the security of our systems even more effectively.

Hall of fame:

Aman - d24b85f1-a335-46be-85f7-7472d917eb9c
Sovon Bhattacharya - 2c319392-2109-4eef-a06b-bd6c6d5e958b
MGous Khatik - 2hbd83rg-7201-g779-s798-11fbh7495ms3
Arjun E - 9h312257-2109-4nbf-b09a-tg6c6d6m625s
Zain Iqbal - ba2db7e9-dabf-471b-a3e5-c4c06ae05473
Nathan van Haaster - ccfb2644-2435-4ab6-9267-60846a28a864

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBGHoHE4BDACjA3Nkosk01+oYWH3ue7GkZ6MnvLeGiJuwdL+fYQ9EeToJLl2e

4dqbjXH1unXepqeYkzq/6ry0edglAhV+XjCK+O6BS9w+QKCBjGWaSS1hnscG9Yf4

9KPPLdmVgbLzOKYZLsl9zz6UF4PGe2P7FUyA/UQqyWm/QsEqQcnVphmL1T6OMLFj

gSX7Mo1Y4v7vmyValANs6goUt7iZ/cLhqFx2zxjirNfrreomeaOITezrXl/44qA3

zOKt6s7pY2PWiyAGrErfl+DudRLBL0uddkgmT+sRFL8J2gXTmI6s7W/lyNZcf7du

7KHoaD5yKX4/Fzu6oOKNzeVB3//BgkMk8C1PbY5BeTzkj1nEiZxJ21RwPY6sYOxK

osJRtkK0UApv+dy0COdfUw3Ijv/LVpF4T0NglUwKzqfwaWZJC4PHvUV/04796+tT

ZTyKC/eE5Axh9ULvzyylr3P1pOU4/obR4qY1Xi8yKAnFGhtV6QdK7M+AfXK40SCf

qQ/WBwMTxQnftisAEQEAAbRJQ2hpcFNvZnQgcmVzcG9uc2libGUgZGlzY2xvc3Vy

ZSAyMDIyIDxyZXNwb25zaWJsZS1kaXNjbG9zdXJlQGNoaXBzb2Z0Lm5sPokB1AQT

AQgAPhYhBIkNqpPBxjPEzyEzAk7X83MWs1xSBQJh6BxOAhsDBQkDwjniBQsJCAcC

BhUKCQgLAgQWAgMBAh4BAheAAAoJEE7X83MWs1xSz6EL/j/uam1xNPDkLo9KW3gO

eIWBC9AKusTeYuDSaRBHAy0C9wWQdbGzu0CG6m3iHq9PzUGraQ5Qe4myNlDx5WAi

heojGyj/LSvYLN/B7QMpvwMURAEIaxLP37WFGrxE1/yui5Oacva0gfAyP8OMRRDO

W0oWZ0k4knVEa+tU9ylrOPdz6g+MBgKaBBrqRHuHGmiNqSVoty1+CfO8bLmcxq95

DjYbO2Sjkn6dcsBQ0OggS8Hhh6w2aqv6PBnjjDWNr3xDsavuEbU9jiew1obrSr1x

mkMTgWwqn/I+97K+PYdeWkZFTYmi/ZxUW7XH1OR5AOcOQbxDDVCm/JrHqdluRgxz

vdQVSnpCqg5KquGyiwLiUCJmGmJo9TfYVsrcL1zfgYcTVBw1iHo80ozV/FsZzg50

pc+9ndXxvwyZUe6m5MXcaOsQRfFHAIbvlgr+eBxoUK4mXGtfilmTmmB8IQ1xd7ue

FZT1iLyyCbB4UloaElEMIY9qm9Jnis6i7Nu7foC2yWA9arkBjQRh6BxOAQwAxXZP

tZaID+thHWixN62BOm6ymPJuezfxkGS8tipPcblnPuyq7SvYCbCQdReWKfy2Nhcc

9R+y1e4SLkySzjxEOFAIBTOk6br8YSbDgx4uOrVil/kuoF7K3DVS0bnwb/Mi2CpQ

8+D62YmPvQA11UbOFgBsIQW/b7DJndyMnAco/+GA78Carwbf0p2mXnWWow0eYlG8

nq0I+iuvbAQw5dxax316wUpE7WrQDbKCGiN6kwVsouVAdIPGxMYi326lILrClbaP

3yYy2b5/Vo2bTOEHu4CzilZPOCURhc8JLTy2S5f/WpSMvDCGkmDYQ3e7NFfEbv6g

GeVGmksczV7HgAY8plYBzQHP8sZ5B2rE+z5w52FRwynrq1G4xYTR/SgDSJcC7geE

67wYMGWH8wtQZvnyc/XMlj6OadA1zbkmg0WELOl9sxm9u1VLAYCdJYv7cXtFJlM8

1OoRYw/lWk/Jgl76jp/gQJYpINl0BEINH04RzFPtGbd1rLlQXWl7+qNOjUwHABEB

AAGJAbwEGAEIACYWIQSJDaqTwcYzxM8hMwJO1/NzFrNcUgUCYegcTgIbDAUJA8I5

4gAKCRBO1/NzFrNcUtSpC/4lbQlwlfU3Rof559xEiHZJnbzBOZcyGz2yWnVcytCo

gtZsiUnQOF95ZmOg9vwFUukVnthHCyuoKcdrf10nM2xk9RcCIajXozhvJz+fh6GV

Q/yHHFTOs83K19u9B3dJvq/VMI6eJp5pJOhtcXm4Gku5ODK8EjLRkNGEQQirKz7e

rNes9l08mVchVsfzUU5utJc2+40kQfn+ukCyvQqia4wTxbpCd884IwuERJKWfrU7

NKo4Rg7LqOi5bGmVHhsBY4Zf1dSq8aK+8Sv0Dcnteg4lnUnPQctemLYyXtF6vBQN

Q/qbMcjCe0CaqzcoGTsvO+oCb0Riik3icQPAHPwkEyHAgPpmoDVL+PHCKhnBed0H

O+KHl3NbnD+o2erRE+CYdV2rfZpUo4Iv+sCTXUGMantBfxp5TQ5Xo5OwXfNtNBAf

gFqKkHpXOGWz2FUa3EXuuMmgioFVJyuWVpRF5KyWJ4UJMzfNK8YnMmJonl4ITYyu

dIdogfFgY7DtoeIr5yIxzKM=

=Xo4x

-----END PGP PUBLIC KEY BLOCK-----