Responsible Disclosure

🛡️ Introduction

At MITE3, we strive for a high level of security in our ICT systems. However, vulnerabilities can still occur. We greatly appreciate your help in identifying and reporting them responsibly.

This procedure is based on the Responsible Disclosure guideline from the Dutch National Cyber Security Centre (NCSC).

🕵️‍♂️ Found a Vulnerability?

Have you discovered a weakness in one of our systems? Please let us know as soon as possible via [email protected]. We’re happy to work with you to resolve the issue safely and quickly.

📋 What We Ask From You

• Email your findings to [email protected]
• Provide sufficient information to reproduce the issue, such as a URL, IP address, and a brief description
• Include a way to contact you (e.g., email address or phone number), so we can coordinate a solution
• Report the vulnerability as soon as possible after discovery
• Do not share your findings with others until the issue has been resolved
• Act responsibly with the knowledge: demonstrate the issue exists without causing further harm

🚫 What You Are Not Allowed to Do

To enable safe research without legal risks, the following actions are explicitly prohibited:

• Installing malware
• Copying, modifying, or deleting data
• Making changes to systems
• Accessing systems repeatedly or sharing access with others
• Brute-forcing access (using automated login attempts)
• Conducting Denial-of-Service attacks
• Using social engineering techniques (such as phishing or deceiving employees)

✅ What You Can Expect From Us

If you adhere to the above conditions:

• No legal consequences will be associated with your report
• You will receive an acknowledgment within 3 business days
• You will receive a substantive response within 5 business days, including an assessment and expected resolution timeframe
• We will keep you informed of the progress
• We will resolve the issue as soon as possible, no later than 90 days
• With your consent, you may be credited as the discoverer, for example in our Hacker Hall-of-Fame
• Your report will be treated confidentially and your personal data will not be shared with third parties (unless legally required)

🎁 Reward

Depending on the severity of the security issue and the quality of your report, we may offer an appropriate reward. This could range from a T-shirt to a maximum of €100.

Conditions:

• The vulnerability must be new and significant
• The vulnerability must not relate to up-to-date, off-the-shelf software or cloud services we use
• You must enable us to verify the issue

📨 Submit a Report

Send your report to [email protected]. Please include the following if possible:

Contact information:

• Name or nickname
• Email address

Technical details:

• IP address(es)
• Domain name / URL
• Relevant headers or payloads (if applicable)

Description of the vulnerability:

• Explanation of the issue
• Risk or potential impact
• Any proof-of-concept
• Suggestions for a fix

📄 For more information, see our security.txt file:
https://mite3.nl/.well-known/security.txt

🏅 Hacker Hall-of-Fame

We are grateful to the security researchers who contribute to our digital safety. Below is an overview of valid vulnerability reporters who have been included in our Hall-of-Fame with their permission.

Have you discovered a vulnerability? Please follow the reporting procedure above – we’d be happy to recognize your contribution.