Questions? Call +31 (0) 30 630 00 86

Disclaimer

Flexbrain takes every care with this website, but cannot guarantee the accuracy of the information. Flexbrain and Brainnet B.V. can not be held responsible for the content of the site or for the use that may be made of it. The entire website is the exclusive property of Brainnet B.V. Information on this site may be used for information purposes by the visitor, excluding any reproduction, distribution or exploitation for the benefit of third parties. Personal information that you may provide to Brainnet B.V., will be included in the database of Brainnet B.V. This data is used by Brainnet B.V. for administrative information purposes only.

Responsible Disclosure Policy

At Brainnet, we consider the security of our systems to be of utmost importance. In spite of the care we take for the security of our systems, it can happen that a weak point remains. If you have found a weakness in one of our systems, we would like to hear about it so that we can take appropriate measures as quickly as possible. Weak points can be discovered in two ways: you accidently come upon something during the normal use of a digital environment, or you explicitly do your best to find a weakness.

Our responsible disclosure policy is not an invitation to actively scan our portals to discover weak points. We monitor our portals ourselves. Our responsibility to our customers means that our intention is not to encourage hacking attempts on our infrastructure. However, we would like to hear from you as quickly as possible if vulnerabilities are found in our portals, so that we can resolve them adequately.

We ask that you:

  • E-mail your findings as quickly as possible to info@brainnet.nl;
  • Do not abuse the vulnerability, for example by downloading, editing or deleting data. We will always take your report seriously and investigate any suspicions of a vulnerability, even without ‘proof’;
  • Do not share the problem with others until it has been resolved;
  • Do not make use of attacks on physical security, of social engineering or hacking tools, such as vulnerability scanners;
  • Give adequate information for the problem to be reproduced so that we can resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability are enough, although more information might be necessary for more complex vulnerabilities.

What we promise:

  • We will respond to your report within 3 business days, with our evaluation of the report and an expected resolution date;
  • We will handle your report confidentially, and will not share your personal information with third parties without your permission. An exception to this is the police and judiciary in the event of prosecution or if information is demanded;
  • We will keep you informed of the progress of the solution to the problem;
  • In communication about the reported problem we will state your name as the discoverer, if you wish;
  • As thanks for your help, we offer a reward for every report of a security problem that is not known to us. We determine the value of the reward on the basis of the seriousness of the breach and the quality of the report, with a minimum of a €50 voucher.

We strive to resolve all problems as quickly as possible, to keep all involved parties informed and we would like to be involved in any publication about the problem once it is resolved.