Coordinated Vulnerability Disclosure
EuroCCP maintains and improves its systems and infrastructure security. However, our systems could contain a vulnerability. If you have found a vulnerability or weak spot in one of EuroCCP’s IT systems or systems related to EuroCCP’s online web presence, we would like to hear from you.
You can report any found weakness in our IT systems. If you have detected a weakness, please contact EuroCCP as soon as possible.
Weaknesses can be reported to EuroCCP by calling us and asking for the Information Security department or by emailing them to firstname.lastname@example.org. Please encrypt your findings using EuroCCP’s PGP key before mailing them to prevent the information being intercepted and falling into the wrong hands.
- Please provide as much information as possible for EuroCCP to be able to reproduce and swiftly solve the issue.
- Make sure to leave your contact details (email address and/or telephone number) so that EuroCCP may contact you for information and cooperation towards a quick and safe solution.
- Report the found vulnerability as soon as possible after discovery.
- Do not share any information on the security issue with others until the issue has been solved.
- Do not perform any acts other than those necessary for revealing the security issue.
The Dutch National Cyber Security Centre of the Ministry of Security and Justice has created guidelines for reporting weaknesses in IT systems. Our rules are based on these guidelines.
Avoid in any case:
- Using found weaknesses for purposes other than your own investigation
- Installation of malware or back doors
- Using brute-force attacks to gain access to systems
- Using (D)DOS attacks or social engineering
- Accessing systems repeatedly and/or sharing access with others
- Making changes to the system’s configurations
- Copying, deleting or changing any data or listing directory structures and/or contents
EuroCCP response to reported security weaknesses
- EuroCCP will inform you and work with you on solving the reported security weakness in a mutually responsible and coordinated way.
- If you have complied with the above mentioned conditions, EuroCCP will not attach any legal consequences to the report.
- EuroCCP will handle the report with confidentiality and will not share any information about the reporter with any other parties without the explicit approval of the reporter unless this is required by law or court order.
- EuroCCP endeavours to confirm the reception of the report to you within one working day.
- EuroCCP will keep you updated on the progress made while solving the security issue.
- EuroCCP might offer a reward for the help and assistance received if the reported issue is considered serious and if it was unknown to EuroCCP.