Kooyman B.V. Responsible Disclosure Policy

At Kooyman, the security of our systems, data, and customers is our top priority. Despite our best efforts, vulnerabilities may still exist. If you discover a security weakness in our systems, we invite you to report it to us responsibly so we can resolve the issue together.

We appreciate your help in keeping Kooyman and our customers secure.

1. How to Report a Vulnerability

Please send your findings to mgroot@kooymanbv.com with the subject line “Security Vulnerability Report”.
Include as much detail as possible so we can investigate efficiently:

  • A clear description of the vulnerability.
  • The steps you took to discover it (including IPs, URLs, tools, payloads).
  • Any proof-of-concept (screenshots, logs, or video).
  • The potential impact of the issue.
  • If possible, please also suggest how the issue might be fixed.

2. What We Ask From You

When investigating and reporting vulnerabilities, please:

  • Do not exploit the issue beyond what is necessary to prove its existence.
  • Do not download, alter, or delete data belonging to us or third parties.
  • Do not create backdoors, change system settings, or take any action that could affect availability or integrity.
  • Do not use physical security attacks, social engineering, spam, brute force, or denial-of-service attacks.
  • Do not publicly disclose the vulnerability until we have confirmed it has been resolved.
  • Delete any sensitive data obtained through your research once the report has been submitted.
  • As long as you act in good faith and follow these rules, Kooyman will not pursue legal action against you for your report.

3. Our Commitment to You

When you report a vulnerability in accordance with this policy:

  • You will receive an acknowledgement within 2 business days.
  • We will provide a first assessment within 5 business days.
  • We will keep you informed about progress and resolution status.
  • We aim to remediate valid vulnerabilities as quickly as possible, prioritizing based on severity and impact.


4. Scope

This policy applies to:

  • kooymanbv.com and all subdomains under *.kooymanbv.com.
  • Official Kooyman mobile applications.
  • Other Kooyman-owned and operated online services.

Out-of-scope reports include (non-exhaustive):

  • Social engineering and phishing attacks.
  • Weak password policies without direct exploitation.
  • Missing security headers or cookie flags without exploitable impact.
  • TLS/SSL configuration or cipher recommendations.
  • Issues in third-party software, services, or plugins outside our control.
  • Vulnerabilities requiring physical access to our facilities or customer devices.


5. Recognition

We greatly appreciate the efforts of security researchers who help us improve. Depending on severity and quality of the report, Kooyman may choose to offer recognition or a discretionary reward as a token of appreciation.

6. Legal Notes

By submitting a report, you confirm that you are the original finder of the vulnerability and that you will not use or share the information for purposes other than reporting it to Kooyman. Kooyman reserves the right to use the submitted report to improve security.