Studio Seb van den Brink

Studio
Seb van den Brink

Responsible Disclosure

Sebas van den Brink thinks the safety of the website is very important. Despite our best efforts to ensure its security, it is possible there is a breach or one has come into existence.

Did you find that the website’s safety has been compromised on sebvandenbrink.com or one of our other websites? Or did you stumble upon a security breach by accident during normal use of this website? Or did you search for weaknesses on purpose? Please let us know so we can take appropriate steps.

This is not an invitation to scan and test this website, obviously. Let us do that.

However, we do want to work with you to ensure the safety of our website even better.

We ask of you:
  • To email your discovery as soon as possible to hallo@sebvandenbrink.com.
  • To provide enough information so we can reproduce the problem and quickly fix it, usually an IP-address or the URL, or a description of the vulnerability is enough. However, with more complex vulnerabilities more detailed information may be necessary.
  • To not perform tests that use attacks on physical security, social engineering or third party applications.
  • To not perform brute force or denial of service attacks.
  • To not exploit the vulnerability to, for instance, change or remove data or to place malware. We always take your discovery seriously and we will investigate every suspicion of vulnerabilities.
  • To not share the problem with others until we have solved it.
  • To not copy data from our system(s), unless absolutely necessary to show the vulnerability.
  • To leave behind contact information (email and phone number) so we can contact you to work together on a safe fix.
We promise:
  • To respond within three working days to your discovery with a response to the discovery and an expected solution date.
  • To handle your discovery with confidentially: We will not share your personal data without your consent. The exception being police and the justice department, if the suspicion arises of foul play.
  • To keep you up-to-date on the fix.
  • To give credit where credit is due, by name, to you, the discoverer, if you so wish.
  • To not prosecute you for accidentally stumbling on a security vulnerability. As long as you play by the rules and you handle in the spirit of responsible disclosure, we will not press charges against you.
  • To offer you a reward as a thank you for every discovery of an unknown security vulnerability to us. The size of the reward is determined by the size and severity of the vulnerability and the quality of the report sent to us. With a maximum of 100 euro’s in gift cards.