Responsible disclosure

English version below

Unfortunately we have to put the responsible disclosure programme on hold for the next few months due to planned major maintenance to the website! You may still report bugs, but we will not respond or add anyone to the hall of fame for now, nor will we do so later for reports submitted after 9 June 2024. When we restart the programme, we will only accept NEW reports.

Unfortunately, we have to TOTALLY suspend our repponsible disclosure program for the next months due to planned big maintenance on our website! You can still send in vulnarabilities, but for the time beeing we will NOT GIVE A REACTION IN ANY WAY OR ADD SOMEONE TO THE HALL OF FAME and we will not do so later for send in vulnerabilities after of 9th of June 2024. when we restart the program, we will only accept NEW / then current vulnerabilities.

Despite our care for security, it may happen that there is a vulnerability in one of our systems. If you have found a vulnerability, please let us know so that we can take the necessary measures as soon as possible. Together with you, we like to work on continuous security of our systems.

The Responsible Disclosure Regulations explain how reporting a discovered vulnerability works.

We accept reports of genuine vulnerabilities in applications and/or systems. Things like the lack of RRs (SPF, CAA, DMARC, etc.) and security headers in websites (HSTS, Content-Security-Policy, etc.) are not accepted as reports. These are known to us and are already being worked on.

Please report a responsible disclosure using the e-mail address: responsible-disclosure@kivi.nl.

We would like to thank everyone who has reported a vulnerability responsibly, via our Hall of Fame.