By reporting a vulnerability before you make it known to the outside world, you enable Sanoma to take appropriate measures first. If you report a vulnerability or security issue, please consider the following:
- Provide sufficient information to reproduce the problem. This way Sanoma can solve the problem as quickly as possible. Usually the URL of the affected service and a description of the vulnerability is sufficient.
- Leave your contact details (name, email address and/or telephone number) so that Sanoma can contact you.
- Report your finding as soon as possible after discovering the vulnerability or security issue.
- Please report your finding in English. Alternatively Finnish or Dutch can be used.
- Please do not report missing or permissively configured email authentication records (SPF, DKIM, DMARC).
After we have received your report:
- Your report is treated confidential.
- We will acknowledge that we have received your message within 3 days.
- Within 10 working days we will provide more detailed feedback on your finding.
We kindly ask you to respect our rules
- Please do not share the information about the vulnerability or security issue with others until it is resolved.
- Do not abuse the vulnerability that you have identified. Limit your actions to the minimum needed to identify the vulnerability.
- Your investigation should not have any impact on the availability of our services.
- Do not perform actions that go beyond what is necessary to demonstrate the security issue.
- Do not utilize brute force techniques or social engineering in order to gain access to our services.
- Do not implant a backdoor in our services to demonstrate your finding.
Please note that this channel is not meant for customer support or questions about our services.