Responsible Disclosure
The responsible disclosure policy applies to the following systems:
- www.fundaments.nl
- portal.fundaments.nl
- ots.fundaments.nl
Subdomains are excluded from this policy.
We would like to collaborate with you to enhance the safeguarding of our customers and systems.
We ask you
- Kindly submit your findings via email to sec@fundaments.nl;
- Kindly refrain from exploiting the identified issue, including excessive data downloading to demonstrate the vulnerability or accessing, modifying or deleting third party data;
- Kindly refrain from disclosing the issue to others until it has been resolved, and ensure the prompt deletion of any confidential data obtained through the vulnerability immediately after it has been addressed;
- Kindly refrain from utilizing attacks on physical security, engaging in social engineering, participating in distributed denial of service activities, sending spam, or exploiting third party applications;
- Kindly provide adequate information to replicate the problem for a prompt resolution; in the majority of the cases, providing the IP address or URL of the affected system along with a detailed description of the vulnerability is sufficient. However, additional information may be required for more complex vulnerabilities;
- Submissions must originate from human research and analysis; reports generated or written by automated tools will not be accepted.
We promise
- We aim to respond to your report within three working days, with our assessment of the report and an expected date for resolution. For reports that are trivial or of low impact, no feedback will be provided and no further follow-up will take place;
- We handle your report with utmost confidentiality and will not disclose your personal information to third parties without your explicit consent, unless necessary to fulfill a legal obligation. Reporting under a pseudonym is possible;
- We keep you informed about the progress in resolving the issue;
- In our communication concerning the reported issue, we, upon request, acknowledge your name as the discoverer;
- We may reward you for your investigation, but we are not obliged to do so. This means that you are not automatically entitled to compensation. The form of this reward is not determined in advance and will be decided by us on a case-by-case basis. Whether we offer a reward and the form it takes will depend on the thoroughness of your investigation, the quality of the report and the severity of the vulnerability;
- As an expression of gratitude for your assistance, we offer a reward for each report on an unknown security issue. The reward is determined by the severity of the flaw and the quality of the report;
- Should you comply with the above conditions, we will not take any legal action against you regarding the reported issue.
Not in scope
Fundaments does not reward trivial vulnerabilities or bugs that cannot be exploited. Below are examples of known vulnerabilities and accepted risks that fall outside the scope of the above policy:
- HTTP 404 codes or other non-HTTP 200 codes
- Clickjacking on pages without a login function
- Absence of SPF, DKIM and DMARC records
- Reporting older software versions without proof of concept or working exploit
This responsible disclosure policy is based on an example written by Floor Terra and the NCSC's Responsible Disclosure Guidelines.