Responsible disclosure

Information has become one of the most valuable resources for many organisations. Loss or misuse of data can therefore have potentially major consequences for an organisation. POM Group B.V. is therefore committed to the security and protection of its systems and the data it processes.

If, despite our care and measures, you do find a vulnerability in one of our systems, we would like to hear about it. That way we can take appropriate measures as soon as possible and together we can keep the security and protection level high and the risk of breaches low.

What can I think of when it comes to vulnerabilities?

A weakness or vulnerability is a flaw in a digital system that allows an attacker to gain unauthorised access to systems or information. This allows the attacker to, for example, view, modify, destroy information, install malware and/or hold the data hostage, preventing the user from accessing the information.

How to report vulnerabilities?

We would like to receive your report via with a description of the vulnerability and, to the extent possible, answers to the following questions:

- When did you find the vulnerability.

- Where did you find the vulnerability? For example, in one of our products, physical locations and/or devices.

- How did you find the vulnerability? What steps/actions led to this?

- By whom and how could the vulnerability be exploited?

- What could happen if the vulnerability is exploited?

We would also like to receive supporting material with your report, such as screenshots, logs, URLs, IP addresses and information about the operating system, device and browser used, so that we have sufficient information to investigate and apply an appropriate solution as soon as possible.

What are the conditions?

When you have identified a vulnerability, we ask you:

- report the vulnerability, as described above, to us and not disclose it at any time or in any way;

- treat knowledge of the vulnerability responsibly and not collect more data or perform other actions than those necessary for the report;

- not exploit the vulnerability and cause damage to and/or interruption of users, organisations, systems, data or services, for example by using attacks on/with physical security, social engineering, distributed denial of service, backdoors, brute force, malware, ransomware, spam, phishing, third-party applications, etc. ;

- comply with applicable laws and regulations, including privacy laws, and treat the report and related information in accordance with the level of confidentiality;

- delete all data obtained from this report and vulnerability immediately after its resolution and confirm this to us.

We assume that a report is made in good faith. However, should any doubt arise during and/or after the investigation of the vulnerability regarding compliance with the above conditions, POM Group B.V. may extend the investigation and, if necessary, take legal action.

Is there a reward for reporting a vulnerability?

No, we do not offer rewards for reporting vulnerabilities.

What happens to my report and my personal data?

As soon as we have received your report, we assess whether the report contains sufficient information and we start our investigation to resolve this vulnerability as quickly as possible. Through we will keep you informed about your report and its completion.

The personal data you provide to us, such as your name, e-mail address and/or telephone number, will only be used in the context of this report. You can find more information on the use of personal data in our privacy statement.