Ga naar inhoud

Report a vulnerability

If you discover a weak spot or vulnerability on this website, please report this to Univé. Making such a report is called Coordinated Vulnerability Disclosure (CVD). Also known as Responsible Disclosure.

Customer data is important to Univé

Protecting the data of our customers is our highest priority. That is why we continuously improve and monitor our systems. Still, it is possible that an unexpected weakness arises. If you discover such a vulnerability, let us know immediately. This way, we can take swift action and prevent negative consequences.

How to report a vulnerability

  • Email your findings as soon as possible to security@unive.nl;
  • Do not share the report/vulnerability with others, to prevent unauthorized access to the information;
  • Provide enough details so we can reproduce and resolve the issue quickly. The IP address or URL of the affected system and a description of the weakness are usually sufficient. Complex problems may require more information.

What Univé does with your report

  • Your report will be treated confidentially. Your personal details will not be shared without your consent, unless required by law. You may report anonymously or under a pseudonym;

  • You will receive our response within five days including an assessment and an expected date for a solution;

  • You will be kept informed about the progress of resolving the issue;

  • We will not take legal action against you for this report, provided you follow the legal conditions;

  • Once the issue is resolved, you will be notified immediately. Univé will, if you wish, go public with news of the reported issue with your name as the discoverer.

When reporting, please keep in mind

  • Do not engage in cybercrime activities. Examples include (but are not limited to) brute force attacks, social engineering, attacks on physical security, distributed denial of service, spam, or using third-party applications to gain access to systems.
  • Do not actively scan for vulnerabilities. Since the Univé network is continuously monitored, such scans are likely to be detected. This will trigger an investigation and may result in unnecessary costs.
  • Do not place your own 'backdoor' in a system to demonstrate a vulnerability. This creates additional risks and potential damage.

  • Use a vulnerability only to establish its existence, nothing more.

  • Do not copy, delete, or modify any data from the system. You may limit yourself to making a 'directory listing' to demonstrate the weakness.

  • Do not alter the system itself.

  • Limit the number of access attempts to the system and do not share access with others.


Bezoek de Nederlandse versie van deze pagina