Responsible disclosure policy

It is important that our software is secure. If you find a vulnerability in our software we would like to hear about it. We will then take the necessary measures as soon as possible to fix the vulnerability found.

In order to deal responsibly with vulnerabilities found, we follow a set of guidelines therein. You can hold us to these when you find a vulnerability in our software.

If you have found a (possible) vulnerability, please report it at security@treams.nl. We would appreciate it if you include your e-mail address and phone number, as we would like to thank you personally for your help.

You should consider the following:

• Make a notification as soon as possible after a vulnerability discovery.
• Do not share the information about the security problem with third parties. We are very quick with patches.
• Try not to take your actions beyond what is necessary to demonstrate the security problem.

Thus, you are not allowed to:

• places malware.
• copies, modifies or deletes data.
• makes modifications in or to our systems.
• repeatedly gains access to the system or shares access with others.
• uses so-called "bruteforcing" of access to systems.
• Uses denial-of-service or social engineering.

You can expect from us:

• that, taking into account the above, we will not attach any legal consequences to this report.
• we keep your information confidential.
• we will let you know quickly after you make a report how we are processing it and when you can expect a resolution.
• That we will let you know when the notification has been processed.
• That we resolve the report as soon as possible, taking into account the impact of the report made.
• we thank you -appropriately- for your help.

Thanks for your help in keeping our systems safe.