Responsible disclosure

Statement – Responsible disclosure

 

8 July 2020

At Huisman Equipment B.V. and its subsidiary and affiliated companies (“Huisman”), we consider the security of our systems, network and products to be of utmost importance. In spite of the care we take for this security, vulnerabilities are inevitable. If a vulnerability is discovered in one of our systems, Huisman would like to encourage you to address this issue in order to take appropriate measures as quickly as possible. Huisman values your input in order to protect our customers’ and our own systems to meet our own high standards. 

If you find a vulnerability:

  • Report as soon as possible.
  • Deal responsibly with the information in your possession. Do nothing beyond what is necessary to demonstrate the vulnerability.
     

Address a vulnerability:

  • Email your discovery to it-security@huisman-nl.com. Please split sensitive data into separate emails.
  • Give adequate and detailed information, enabling us to reproduce the problem and remedy it as soon as possible. At least, supply the IP address or the URL of the affected system and a description of the vulnerability. More information is appreciated with more complex vulnerabilities, think of adding screenshots to your report.
  • Leave your contact details.
     

Please do not:

  • Abuse the vulnerability, by (for example) downloading, editing or deleting data.
  • Change the system.
  • Share it with others until further notice from Huisman.
  • Make use of; attacks on physical security, social engineering, denial of service or hacking tools, such as vulnerability scanners.
  • Send malware.
     

The Huisman promise:

  • Huisman will respond to your report within two (2) business days.
  • Huisman will remedy the vulnerability as soon as possible, certainly no later than 60 days after receiving the report.
  • We will keep you informed of the progress of the solution to the problem.
  • If the above conditions are met, no legal action will be taken against you.
  • Huisman will treat the report as confidential and will not share your personal data with third parties without your permission, unless otherwise required by law or court order.
  • Huisman will work with you to determine whether and, if so, how the vulnerability is to be made public. It will not be made public until after it has been remedied.
  • Please be assured, that our gratitude will be expressed accordingly. Seriousness of the breach and the quality of the report will be taken into account.

Huisman will always take your report seriously, even without ‘proof’ and strives to resolve all problems as quickly as possible and to keep all involved parties informed.