{"id":5298,"date":"2026-01-28T13:46:45","date_gmt":"2026-01-28T13:46:45","guid":{"rendered":"https:\/\/www.yellenge.nl\/?page_id=5298"},"modified":"2026-01-28T13:53:52","modified_gmt":"2026-01-28T13:53:52","slug":"responsible-disclosure-policy-english","status":"publish","type":"page","link":"https:\/\/www.yellenge.nl\/en\/responsible-disclosure-policy-english\/","title":{"rendered":"Responsible Disclosure Policy"},"content":{"rendered":"\n<p><strong>At Owello we are committed to upholding the security of our systems and products to the highest standard. A great amount of effort is spent to ensure quality and safety during development and maintenance. Despite this, it is possible that something escapes our attention. We recognize the role that security researchers and the community play in identifying vulnerabilities in systems and would greatly appreciate it if any vulnerabilities are reported in a timely manner. Our Responsible Disclosure Policy aims to encourage the responsible reporting of vulnerabilities to ensure the security and privacy of our users and clients.<\/strong><\/p>\n\n\n\n<p><br><strong>How to report<\/strong><br>Please report to us by emailing our security team at security@yellenge.nl.<br><br><strong>Guidelines<\/strong><br>\u2022 Do not share information about the vulnerability with others until the problem has been solved.<br>\u2022 Provide information about how and when the vulnerability presents itself. Describe clearly how the problem can be reproduced and give information about the methods used and the timestamp of your research.<br>\u2022 Avoid accessing or altering any data not needed to demonstrate the vulnerability and do not destroy anything.
Do not exploit the vulnerability.<br>\u2022 Although we also take anonymous reports seriously, you can leave your contact details with us so we can contact you about assessment of the vulnerability and potential follow-up.<br>\u2022 Do not test physical security controls, use social engineering or perform DDoS attacks.<br><br>Our Responsible Disclosure Policy isn\u2019t an invitation to try to actively discover vulnerabilities within our systems.<br><strong><br>How does Owello act upon Responsible Disclosure?<br><\/strong>When you report a possible vulnerability, our response will be as follows:<br>\u2022 You will receive confirmation from Owello as soon as we get your report.<br>\u2022 Within three days of you receiving confirmation, we will provide a more extensive response including an internal assessment of the report and the expected date of our fix. We will strive to keep you up to date on any progress made.<br>\u2022 Owello will treat your report confidentially and will not share your personal information with any third parties unless required by law or judicial decision.<br>\u2022 Owello will decide, together with the reporter, how to make the report public.<br>\u2022 Owello will, in cooperation with the reporter, decide how to make the vulnerability public or known to third parties. If the reporter wishes to, we will include their name.<\/p>\n\n\n\n<p><strong>What not to report<\/strong><br>This Responsible Disclosure Policy is not meant for submitting questions or complaints. It also isn\u2019t intended to be used for:<br><br>\u2022 Reporting website outages.<br>\u2022 Reporting phishing or email fraud.<br>\u2022 Reporting general fraud or scams.<br><br>For these kinds of communication, you can contact our support team.<br><br><strong>Rewards\/bug bounty<\/strong><br>To stimulate reporting of vulnerabilities and bugs, Owello has a bug bounty scheme.
If a report helps us prevent or fix a vulnerability, we offer appropriate compensation. We will decide whether a report is eligible and on the amount of remuneration.<br><strong><br>Which systems\/problems are excluded from a bug bounty?<\/strong><br>Not all systems accessible under our brands are under Owello\u2019s direct control. While we also take reports related to these systems very seriously, we cannot include them under our bug bounty scheme. We also exclude vulnerabilities that pose no direct threat or those that are only reproducible under artificial circumstances.<br><br><strong>Excluded systems<\/strong><br>\u2022 www.yellenge.nl<br>\u2022 status.yellenge.nl<br>\u2022 log.owello.nl<br><br><strong>Excluded types of security problems<\/strong><br>\u2022 (D)DoS attacks<br>\u2022 Problems concerning self-XSS<br>\u2022 Errors without sensitive information<br>\u2022 Notifications from which the software we use can be derived<br>\u2022 Problems that require the use of severely outdated operating systems, browsers or unverified plugins<br>\u2022 Problems already known to us<br><br>This policy was drafted using the NCSC\u2019s guideline <a href=\"https:\/\/www.ncsc.nl\/cvd-beleid\/aan-de-slag-met-responsible-disclosure-beleid\" data-type=\"link\" data-id=\"https:\/\/www.ncsc.nl\/cvd-beleid\/aan-de-slag-met-responsible-disclosure-beleid\">Leidraad Responsible Disclosure<\/a>.<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>At Owello we are committed to upholding the security of our systems and products to the highest standard. A great amount of effort is spent to ensure quality and safety during development and maintenance. Despite this, it is possible that something escapes our attention.
We recognize the role that security researchers and the community play [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"parent":0,"menu_order":45,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"class_list":["post-5298","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.yellenge.nl\/en\/wp-json\/wp\/v2\/pages\/5298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yellenge.nl\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.yellenge.nl\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.yellenge.nl\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yellenge.nl\/en\/wp-json\/wp\/v2\/comments?post=5298"}],"version-history":[{"count":3,"href":"https:\/\/www.yellenge.nl\/en\/wp-json\/wp\/v2\/pages\/5298\/revisions"}],"predecessor-version":[{"id":5306,"href":"https:\/\/www.yellenge.nl\/en\/wp-json\/wp\/v2\/pages\/5298\/revisions\/5306"}],"wp:attachment":[{"href":"https:\/\/www.yellenge.nl\/en\/wp-json\/wp\/v2\/media?parent=5298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}