Welkom op de website van omroepvereniging MAX
Kijk & Luister
Lees voor
Word lid van MAX Word lid van MAX
Omroep MAX
NPO Start
Lees voor
Home

Responsible Vulnerability Disclosure

Responsible Vulnerability Disclosure

Nederlandse versie

The security of our systems is an important subject at MAX. We make every effort possible to secure them. However, it is possible that (unintended) vulnerabilities may exist in our systems.

We would appreciate it if you could report vulnerabilities to our team if you discover a vulnerability in our systems. We will investigate your findings and solve the vulnerability within our team or with our partners.

Reporting vulnerabilities

You contribute to the security of our systems and data by submitting a vulnerability report according to our Responsible Disclosure policy (also known as Coordinated Vulnerability Disclosure).

You can send your findings to security@omroepmax.nl.

What we will ask you

  1. Only perform necessary actions to demonstrate the vulnerability – do not misuse these vulnerabilities.
  2. Do not misuse personal data of third parties.
  3. Keep the report confidential until we have resolved the vulnerability.
  4. Delete all data which you obtained through the vulnerability once your report has been submitted.
  5. Do not use social engineering, DDoS, spam, physical attacks etc.
  6. Provide sufficient information to reproduce the vulnerability. Think about IP-addresses, URL, type of vulnerability, reproduction steps, logs, screenshots, and PoC-code.
  7. You may submit your report under a pseudonym if you require.

What can you expect from us?

  • You will receive an initial assessment and, if possible, an expected solution timeline within five working days.
  • The report will be fully confidential. Your data will not be shared without permission, unless required by the Dutch or European law.
  • If you comply with the above conditions, we will not take legal action regarding the report.
  • If you want, we will keep you posted about the progress of the issue.
  • If appropriate, we may offer an incentive to the first reporter.

Wall of Fame

Omroep MAX recognizes individuals who have reported a vulnerability or security issue in our systems on this Wall of Fame. They followed the Responsible Disclosure policy, ensuring that the matter was handled appropriately. Omroep MAX is grateful to these individuals, as their reports help us improve our security.

We would like to thank:

  • Abhishek Kumar
  • Harsh Maheta
  • Jessie Gouw