Customer Portal

May we use cookies to track your activities to serve you better? We take your privacy very seriously. Please see our privacy policy for details and any questions.

Header Image

Coulisse responsible disclosure policy

EN / NL / DE / ES / PL

Introduction

At Coulisse, we consider the security of our systems very important. Despite the attention and care we give to the security of our systems, it may still happen that vulnerabilities exist in our systems.

If you notice a vulnerability, we encourage you to let us know. We would like to hear from you so we can take appropriate action immediately. That way we can work together to fix the problems and make our systems even more secure.

How do you make a report?

A report can be addressed to security@coulisse.com.

When making a report, we would like to ask you for sufficient and clear information so that we can properly identify the (security) problem. We are interested in how it could be abused. It would help if you gave an explanation of the problem and how you found it, if possible with screenshots. Also mention the date and time you found it. This helps us with the analysis of the problem and thus to find a suitable solution as quickly as possible.

We would also like to receive your contact information so we can communicate with you about the report. Do you prefer not to? Then you can choose to make the report anonymously.

Important points we want to ask you

  • Do not make the vulnerability public or share it with others. At least until we have had sufficient time to analyze and solve the problem ourselves.
  • Do not abuse the problem by, for example, copying, modifying or deleting data, posting a malware or downloading more data than is necessary to demonstrate the problem.
  • Delete all confidential information obtained through the vulnerability immediately after the problem is fixed.
  • Do not conduct tests involving physical security, employee manipulation, system overload (for example, through a DDoS attack), or third-party applications (apps).
  • Do not attempt to enter our systems by repeatedly trying random combinations of login credentials, also known as ‘Brute Force Attacks’.

What to expect from us

After you make the report, you will receive an acknowledgement as soon as possible. If you have not made the report anonymously, we will do our best to contact you about the report within 5 days and will keep you updated on the progress of solving the problem.

Coulisse will treat your report confidentially. Your information will not be shared without your permission, and your contact information will only be used to communicate with you about the report. An exception to this is if we are required by law to share your information or if we suspect that you are not acting in good faith and are guilty of a criminal offense.

For every unique and verified vulnerability you report to us in a responsible manner, we may offer a (financial) reward but we are not obliged to do so. Thus, you are not automatically entitled to a reward. A condition for receiving a reward is, for example, that the Responsible Disclosure guidelines are followed. The amount/size of any reward depends on the severity and impact of the vulnerability and the quality of the disclosure.

Legal position

Coulisse will not take any legal action against you as reporter of the security problem. The condition for this is that you have acted in good faith and in the spirit of 'responsible disclosure'. If we suspect that you are guilty of an offence, we will report you to the police.