By reporting the vulnerability before you make it known to the outside world, you enable Sanoma to take appropriate measures first. If you report a vulnerability or security issue, please consider the following:

  • Provide sufficient information to reproduce the problem. This way Sanoma can solve the problem as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient.
  • Leave your contact details (name, e-mail address and/or telephone number) so that Sanoma can contact you.
  • Report your finding as soon as possible after discovering the vulnerability or security issue.
  • Please report you finding in English language. Alternatively Finnish or Dutch can be used.

 

After we have received your report:

  • Your report is treated confidential!
  • We will acknowledge that we have received your message within 3 days.
  • Within 10 working days we will provide more detailed feedback on your finding.

 

We kindly ask you to respect our rules

  • Please do not share the information about the vulnerability or security issue with others until it is resolved.
  • Do not abuse the vulnerability that you have identified and limit your actions to the minimum needed to identify the vulnerability.
  • Your investigation should not have any impact on the availability of our IT-systems.
  • Do not perform actions that go beyond what is necessary to demonstrate the security issue.
  • Do not utilize social engineering in order to gain access to our IT-systems.
  • Do not put a backdoor in the system or make use of brute force techniques to get access to the IT-system or to demonstrate your finding.

 

Please note that this policy is not meant for complaints about service offerings from Sanoma, complaints or questions about the availability of our services.

cert@sanoma.com