Disclosure

Liantis attaches great importance to the security of its information systems, in particular to the safety of it’s customer data. Despite all security measures taken, it cannot be ruled out that a vulnerability might appear which could be misused.

Liantis has therefore opted for a policy of coordinated disclosure of vulnerabilities (also known as the ‘Responsible Disclosure Policy’) so that you can privately inform us when discovering a vulnerability, in order to have the security problem resolved as quickly as possible. This Responsible Disclosure Policy applies to all Liantis systems and data.

If needed, we would like to work with you to protect our systems in a better way.

To ensure that this process is conducted in an organized and secure manner, we request you to adhere to the following rules below.
 

What we ask of you

If you discover a vulnerability in one of our systems, we ask you to

  • Report the issue by sending an email to disclosure@liantis.be
    • Write your message in English or Dutch.
    • Explain the issue and provide sufficient details to reproduce the issue so that we can resolve the problem as quickly as possible.
    • Provide additional information such as IP addresses, URLs of the affected system, screenshots, etc.
    • Encrypt the finding with our PGP key TBD to prevent the information from falling into the wrong hands.
  • Leave your contact details so Liantis can contact you to work together for a safe result.
    Leave at least your name, e-mail address and/or telephone number.
    Reporting under a pseudonym is possible, but make sure that we can contact you if we should have additional questions.

     

Rules you must follow

  • Do not disclose any information regarding the security issue through other channels.
    Do not share information concerning the vulnerability with third parties, including before or after informing Liantis about the issue or even after it has been resolved.
    Such behavior will be considered irresponsible and civil law proceedings may be instituted against you.
  • Do not misuse the vulnerability found. Only collect the data necessary to inform us of the issue.
    Do not copy, delete, view or modify Liantis data.
  • Do not change or remove any system data or parameters. In general, please ensure that you do not interfere with the effective functioning of our systems. Techniques such as DoS or DDoS attacks, installation of malware/viruses, brute force password guessing, theft of passwords, scanning of our systems, phishing, etc. will be considered targeted attacks and legal action may be instituted against you.
  • Do not take any action that is not absolutely necessary to detect a potential vulnerability or report a vulnerability.
     

What we promise

  • We will respond to your report within 15 working days, with our review of the report and any expected date for resolution. We strive to solve all problems within a short period of time.
  • We will contact you again if we need any additional information.
  • We will inform you as soon as the issue has been solved.
  • We would like to thank you for reporting a security problem via our “Wall Of Fame".
  • We will not take any legal action against you if your actions meet the above criteria.

 

In case of doubt about the applicability of this policy, please contact us first via this e-mail address, to ask for explicit permission.

We reserve the right to change the content of this Policy at any time or to terminate the Policy.