Responsible Disclosure

Safety of our systems is important to Iddink Digital and holding company Sanoma and we continuously work on the security of our services. If you notice a weak spot, we would appreciate if you report it via an email to: cert@sanoma.com.

By reporting a vulnerability before you make it known to the outside world, you enable Sanoma to take appropriate measures first. If you report a vulnerability or security issue, please consider the following:

• Provide sufficient information to reproduce the problem. This way Sanoma can solve the problem as quickly as possible. Usually the URL of the affected service and a description of the vulnerability is sufficient.
• Leave your contact details (name, email address and/or telephone number) so that Sanoma can contact you.
• Report your finding as soon as possible after discovering the vulnerability or security issue.
• Please report your finding in English. Alternatively Finnish or Dutch can be used.
• Please do not report missing or permissively configured email authentication records (SPF, DKIM, DMARC).

After we have received your report:

• Your report is treated confidential.
• We will acknowledge that we have received your message within 3 days.
• Within 10 working days we will provide more detailed feedback on your finding.

We kindly ask you to respect our rules

• Please do not share the information about the vulnerability or security issue with others until it is resolved.
• Do not abuse the vulnerability that you have identified. Limit your actions to the minimum needed to identify the vulnerability.
• Your investigation should not have any impact on the availability of our services.
• Do not perform actions that go beyond what is necessary to demonstrate the security issue.
• Do not utilize brute force techniques or social engineering in order to gain access to our services.
• Do not implant a backdoor in our services to demonstrate your finding.

Please note that this channel is not meant for customer support or questions about our services.