By reporting the vulnerability before you make it known to the outside world, you enable Sanoma to take appropriate measures first. If you report a vulnerability or security issue, please consider the following:
- Provide sufficient information to reproduce the problem. This way Sanoma can solve the problem as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient.
- Leave your contact details (name, e-mail address and/or telephone number) so that Sanoma can contact you.
- Report your finding as soon as possible after discovering the vulnerability or security issue.
- Please report you finding in English language. Alternatively Finnish or Dutch can be used.
After we have received your report:
- Your report is treated confidential!
- We will acknowledge that we have received your message within 3 days.
- Within 10 working days we will provide more detailed feedback on your finding.
We kindly ask you to respect our rules
- Please do not share the information about the vulnerability or security issue with others until it is resolved.
- Do not abuse the vulnerability that you have identified and limit your actions to the minimum needed to identify the vulnerability.
- Your investigation should not have any impact on the availability of our IT-systems.
- Do not perform actions that go beyond what is necessary to demonstrate the security issue.
- Do not utilize social engineering in order to gain access to our IT-systems.
- Do not put a backdoor in the system or make use of brute force techniques to get access to the IT-system or to demonstrate your finding.
Please note that this policy is not meant for complaints about service offerings from Sanoma, complaints or questions about the availability of our services.