At ChipSoft, we greatly value the security of our systems, products and network. We realize that, even though we take great care in our security, vulnerabilities can occur. Should you find such a vulnerability, we'd like to know. We'll make sure to fix it as soon as possible.
What we expect of you:
- Please email your finding to responsible-disclosure@chipsoft.nl. You can encrypt your message with our PGP-key to prevent the information from falling into the wrong hands.
- Don't misuse the vulnerability by downloading, editing or deleting data. We take each disclosure seriously and don't need 'proof' to research it.
- Don't share your information with others until we've solved the problem.
- Don't attack physical protections, use social engineering or use hacking tools such as vulnerability scanners.
- Provide us with enough information to reproduce the problem, as to make the solution process as quickly as possible. Usually the IP or URL of the system in question and a description of the vulnerability is enough. However, in case of complex issues, more information could be necessary.
What you can expect of us:
- We'll react to your disclosure within three working days, including an expected solution date. We'll keep you up to date afterwards about the progress of fixing the issue.
- We fix the vulnerability as quickly as possible, depending on the impact, scope and severity of the issue.
- If you adhere to the aforementioned expectations, we'll refrain from reporting you to the police.
- As a sign of gratitude for protecting our systems, we'd like to reward your effort with some ChipSoft goodies and a reference on our wall of fame. This reward is dependent on the severity of the vulnerability and the quality of the disclosure.
ChipSoft would like to thank the following people for making a responsible disclosure report and for communicating a vulnerability in our ICT environment. This allows us to safeguard the security of our systems even more effectively.
Hall of fame:
- Aman - d24b85f1-a335-46be-85f7-7472d917eb9c
- Sovon Bhattacharya - 2c319392-2109-4eef-a06b-bd6c6d5e958b
- MGous Khatik - 2hbd83rg-7201-g779-s798-11fbh7495ms3
- Arjun E - 9h312257-2109-4nbf-b09a-tg6c6d6m625s
- Zain Iqbal - ba2db7e9-dabf-471b-a3e5-c4c06ae05473
- Nathan van Haaster - ccfb2644-2435-4ab6-9267-60846a28a864
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGHoHE4BDACjA3Nkosk01+oYWH3ue7GkZ6MnvLeGiJuwdL+fYQ9EeToJLl2e
4dqbjXH1unXepqeYkzq/6ry0edglAhV+XjCK+O6BS9w+QKCBjGWaSS1hnscG9Yf4
9KPPLdmVgbLzOKYZLsl9zz6UF4PGe2P7FUyA/UQqyWm/QsEqQcnVphmL1T6OMLFj
gSX7Mo1Y4v7vmyValANs6goUt7iZ/cLhqFx2zxjirNfrreomeaOITezrXl/44qA3
zOKt6s7pY2PWiyAGrErfl+DudRLBL0uddkgmT+sRFL8J2gXTmI6s7W/lyNZcf7du
7KHoaD5yKX4/Fzu6oOKNzeVB3//BgkMk8C1PbY5BeTzkj1nEiZxJ21RwPY6sYOxK
osJRtkK0UApv+dy0COdfUw3Ijv/LVpF4T0NglUwKzqfwaWZJC4PHvUV/04796+tT
ZTyKC/eE5Axh9ULvzyylr3P1pOU4/obR4qY1Xi8yKAnFGhtV6QdK7M+AfXK40SCf
qQ/WBwMTxQnftisAEQEAAbRJQ2hpcFNvZnQgcmVzcG9uc2libGUgZGlzY2xvc3Vy
ZSAyMDIyIDxyZXNwb25zaWJsZS1kaXNjbG9zdXJlQGNoaXBzb2Z0Lm5sPokB1AQT
AQgAPhYhBIkNqpPBxjPEzyEzAk7X83MWs1xSBQJh6BxOAhsDBQkDwjniBQsJCAcC
BhUKCQgLAgQWAgMBAh4BAheAAAoJEE7X83MWs1xSz6EL/j/uam1xNPDkLo9KW3gO
eIWBC9AKusTeYuDSaRBHAy0C9wWQdbGzu0CG6m3iHq9PzUGraQ5Qe4myNlDx5WAi
heojGyj/LSvYLN/B7QMpvwMURAEIaxLP37WFGrxE1/yui5Oacva0gfAyP8OMRRDO
W0oWZ0k4knVEa+tU9ylrOPdz6g+MBgKaBBrqRHuHGmiNqSVoty1+CfO8bLmcxq95
DjYbO2Sjkn6dcsBQ0OggS8Hhh6w2aqv6PBnjjDWNr3xDsavuEbU9jiew1obrSr1x
mkMTgWwqn/I+97K+PYdeWkZFTYmi/ZxUW7XH1OR5AOcOQbxDDVCm/JrHqdluRgxz
vdQVSnpCqg5KquGyiwLiUCJmGmJo9TfYVsrcL1zfgYcTVBw1iHo80ozV/FsZzg50
pc+9ndXxvwyZUe6m5MXcaOsQRfFHAIbvlgr+eBxoUK4mXGtfilmTmmB8IQ1xd7ue
FZT1iLyyCbB4UloaElEMIY9qm9Jnis6i7Nu7foC2yWA9arkBjQRh6BxOAQwAxXZP
tZaID+thHWixN62BOm6ymPJuezfxkGS8tipPcblnPuyq7SvYCbCQdReWKfy2Nhcc
9R+y1e4SLkySzjxEOFAIBTOk6br8YSbDgx4uOrVil/kuoF7K3DVS0bnwb/Mi2CpQ
8+D62YmPvQA11UbOFgBsIQW/b7DJndyMnAco/+GA78Carwbf0p2mXnWWow0eYlG8
nq0I+iuvbAQw5dxax316wUpE7WrQDbKCGiN6kwVsouVAdIPGxMYi326lILrClbaP
3yYy2b5/Vo2bTOEHu4CzilZPOCURhc8JLTy2S5f/WpSMvDCGkmDYQ3e7NFfEbv6g
GeVGmksczV7HgAY8plYBzQHP8sZ5B2rE+z5w52FRwynrq1G4xYTR/SgDSJcC7geE
67wYMGWH8wtQZvnyc/XMlj6OadA1zbkmg0WELOl9sxm9u1VLAYCdJYv7cXtFJlM8
1OoRYw/lWk/Jgl76jp/gQJYpINl0BEINH04RzFPtGbd1rLlQXWl7+qNOjUwHABEB
AAGJAbwEGAEIACYWIQSJDaqTwcYzxM8hMwJO1/NzFrNcUgUCYegcTgIbDAUJA8I5
4gAKCRBO1/NzFrNcUtSpC/4lbQlwlfU3Rof559xEiHZJnbzBOZcyGz2yWnVcytCo
gtZsiUnQOF95ZmOg9vwFUukVnthHCyuoKcdrf10nM2xk9RcCIajXozhvJz+fh6GV
Q/yHHFTOs83K19u9B3dJvq/VMI6eJp5pJOhtcXm4Gku5ODK8EjLRkNGEQQirKz7e
rNes9l08mVchVsfzUU5utJc2+40kQfn+ukCyvQqia4wTxbpCd884IwuERJKWfrU7
NKo4Rg7LqOi5bGmVHhsBY4Zf1dSq8aK+8Sv0Dcnteg4lnUnPQctemLYyXtF6vBQN
Q/qbMcjCe0CaqzcoGTsvO+oCb0Riik3icQPAHPwkEyHAgPpmoDVL+PHCKhnBed0H
O+KHl3NbnD+o2erRE+CYdV2rfZpUo4Iv+sCTXUGMantBfxp5TQ5Xo5OwXfNtNBAf
gFqKkHpXOGWz2FUa3EXuuMmgioFVJyuWVpRF5KyWJ4UJMzfNK8YnMmJonl4ITYyu
dIdogfFgY7DtoeIr5yIxzKM=
=Xo4x
-----END PGP PUBLIC KEY BLOCK-----