By reporting the vulnerability before you make it known to the outside world, you enable Sanoma to take appropriate measures first. If you report a vulnerability or security issue, please consider the following:

  • Provide sufficient information to reproduce the problem. This way Sanoma can solve the problem as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient.
  • Leave your contact details (name, e-mail address and/or telephone number) so that Sanoma can contact you.
  • Report your finding as soon as possible after discovering the vulnerability or security issue.
  • Please report you finding in English language. Alternatively Finnish or Dutch can be used.


After we have received your report:

  • Your report is treated confidential!
  • We will acknowledge that we have received your message within 3 days.
  • Within 10 working days we will provide more detailed feedback on your finding.


We kindly ask you to respect our rules

  • Please do not share the information about the vulnerability or security issue with others until it is resolved.
  • Do not abuse the vulnerability that you have identified and limit your actions to the minimum needed to identify the vulnerability.
  • Your investigation should not have any impact on the availability of our IT-systems.
  • Do not perform actions that go beyond what is necessary to demonstrate the security issue.
  • Do not utilize social engineering in order to gain access to our IT-systems.
  • Do not put a backdoor in the system or make use of brute force techniques to get access to the IT-system or to demonstrate your finding.


Please note that this policy is not meant for complaints about service offerings from Sanoma, complaints or questions about the availability of our services.