Avoid in any case the following acts:
- Installing malware.
- Copying, changing or deleting data in a system (an alternative to this is making a directory listing of a system).
- Making changes to a system.
- Repeatedly accessing the system or sharing access with others.
- Using so-called "brute force" to access systems.
- Using denial-of-service or social engineering.
What you can expect:
If you comply with the conditions above when reporting the observed vulnerability in an IT system of KeyPact, KeyPact will not attach any legal consequences to this report!
KeyPact handles a report confidentially and does not share personal details with third parties without permission from the reporter, unless this is mandatory by virtue of a judicial decision.
In mutual consultation, KeyPact can, if you desire, mention your name as the discoverer of the reported vulnerability on our hall of fame.
KeyPact will send you a confirmation of receipt within one working day.
KeyPact responds within three working days to a report with an assessment of the report and an expected date for a solution.
KeyPact keeps the reporter up-to-date on the progress made with solving the problem.
KeyPact solves the security problems observed by you in an IT system or product as quickly as possible, but no later than within 60 days. In mutual consultation, whether and in what way the problem will be published, after it has been solved, is determined.
KeyPact offers a reward as thanks for help.
Depending on the seriousness of the security problem and the quality of the report, the rewards are financial benefits or gift cards up to maximum of USD 5.000 in gift vouchers or cheques.
It must concern a serious problem that is unknown to KeyPact.