info@handelsroute.nl
+31 20 775 4411

CONTACT & BUG BOUNTY

Heb je vragen en/of opmerkingen over deze website, onze handelsreizen, projecten en matchmaking neem dan contact met ons op.

handelsroute.nl
Wilhelminastraat 184 HS
1054 WT Amsterdam
The Netherlands
+31(0) 20 7754411
info@handelsroute.nl

KvK Amsterdam 34140951

Wil je op de hoogte gehouden worden van aankomende reizen, schrijf je dan in voor onze nieuwsbrief

Of volg ons
Twitter
LinkedIn
MeetUp
flickr


Guidelines
The handelsroute.nl Bug Bounty Program applies to security vulnerabilities found within handelsroute.nl's public-facing online environment. This includes, but is not limited to, handelsroute.nl’s websites, exposed APIs, mobile applications, and devices.
A security bug is an error, flaw, mistake, failure, or fault in a computer program or system that impacts the security of a device, system, network, or data. Any security bug may be considered for this program; however, it must be a new, previously unreported, vulnerability in order to be eligible for reward or recognition. Typically the in-scope submissions will include high impact bugs; however, any vulnerability that could realistically place the online security of handelsroute.nl, our customers, or the public at large at risk is in scope and might be rewarded.
Bugs which directly or indirectly affect the confidentiality or integrity of user data or privacy are prime candidates for a reward or recognition. Some characteristics that are considered when "qualifying" bugs include those that:

  • Directly or indirectly affect the confidentiality or integrity of user data or privacy
  • Compromise the integrity of the system
  • Enable unauthorized access to significant data or resources
  • Enable the running of unauthorized code
  • Increase privileges or access beyond that which is intended
  • Interfere with or bypass security controls or mechanisms
  • Are exploitable (i.e. not purely theoretical)
  • Can be launched remotely
  • Could cause damage to a user's system
handelsroute.nl at it’s sole discretion, determines which bugs are considered as candidates for a reward, as well as the final reward recipients.
To avoid any misunderstandings we are not a multinationals so bounties are limited to hall of fame recognition and fun swag.

Reporting Process
When reporting bugs you must send an e-mail with the following information to info@handelsroute.nl:
Your details:
  • Your name
  • Your email address
  • Your Country of Residence
  • Permission to list your name and/or company on our Bug Bounty Hall of Fame
  • How you would like your name to be displayed on our Hall of Fame (required only if you provide permission to list your name on the Hall of Fame
  • A personal link or handle that you would like included on your Hall of Fame entry (required only if you provide permission to use your name/profile handles on social media channels)
Following details of the bug or vulnerability are appreciated:
  • The type of software that is vulnerable
  • The type of bug that you are reporting
  • Your Operating System and Browser Type used for testing
  • How you discovered the vulnerability
  • The vulnerable resource
  • A description of the security issue, risk and possible exploits
  • A scenario that describes how to exploit the vulnerability
  • Detailed steps needed to reproduce the issue
In describing the vulnerability it is important to include all necessary details required for reproducing the vulnerability as well as the tools required to reproduce the vulnerability. We will acknowledge the submittal via an email. Please note that the vulnerability should be treated as under nondisclosure until the vulnerability is remediated.
Duplicate submissions (where the bug has already been reported are not eligible for Bug Bounty rewards or Hall of Fame recognition.

Program Exclusions
There are categories of bugs which are definitively excluded from reward in the handelsroute.nl Bug Bounty Program:
The submitter must not be the author of the code with the vulnerability
Vulnerabilities that are disclosed to any party other than handelsroute.nl, including vulnerability brokers, will usually not qualify for Bug Bounty reward. This includes both full public disclosure and limited private release.

Terms & Conditions
There are constraints on who may participate in the handelsroute.nl Bug Bounty Program (the "Program"). In addition, there may be additional restrictions depending upon applicable local laws.
  1. By submitting the vulnerability, you affirm that you have not disclosed and agree that you will not disclose the bug or your submission to anyone other than handelsroute.nl via the handelsroute.nl Bug Bounty Process. Absent handelsroute.nl's prior written consent, any disclosure outside of this process would violate this Agreement. It is understood and agreed that money damages would not be a sufficient remedy for any breach of this paragraph by you or your representative(s) and that handelsroute.nl shall be entitled to specific performance as a remedy for any such breach, including injunctive relief. Such remedy shall not be deemed to be the exclusive remedy for any such breach but shall be in addition to all other remedies available at law or equity to handelsroute.nl.
  2. Submissions selected for rewards, and the individuals who submitted the vulnerabilities will receive appropriate recognition at the discretion of handelsroute.nl.
  3. By submitting information about a potential vulnerability, you are agreeing to these terms and conditions and granting handelsroute.nl a worldwide, royalty-free, non-exclusive license to use your submission for the purpose of addressing vulnerabilities. Only the first report of a given issue that handelsroute.nl had not yet identified is eligible. In the event of a duplicate submission, only the earliest received report is considered.
  4. Eligibility for rewards and determination of the recipients and amount of reward is left up to the discretion of handelsroute.nl.
  5. The Program is focused predominantly on: Internet-facing handelsroute.nl websites executing on internet domains that provide significant business value to handelsroute.nl, and are supported directly by handelsroute.nl and its suppliers; handelsroute.nl-branded mobile applications; handelsroute.nl-branded devices; and other handelsroute.nl applications. Vulnerabilities submitted outside this scope are generally less likely to receive recognition or rewards under this Program.
  6. You are responsible for all taxes associated with and imposed on any reward you may receive from handelsroute.nl. You are responsible for notifying handelsroute.nl of any changes to your contact information, including but not limited to your email address. Failure to do so may lead to the forfeiture of Bounty Awards.
  7. handelsroute.nl Services reserves the right to discontinue the Program at any time without notice.
  8. If you or your bank are on a sanctions lists or are in a country on a sanctions list (e.g. Cuba, Iran, North Korea, Sudan and Syria), then you are possibly ineligible to receive a reward.
  9. You may only exploit, investigate, or target vulnerabilities in such a way that testing does not violate any law, or disrupt or compromise any data or access data that is not yours; intentional access of customer data is expressly prohibited.
  10. If you inadvertently access proprietary customer, employee, or business related information during your testing, the information must not be used, disclosed, stored, or recorded in any way. Inadvertent access of the data must be declared within your submission.
  11. Your testing activities must not negatively impact handelsroute.nl, or handelsroute.nl's online environment availability or performance.
  12. handelsroute.nl reserves the right of non-remediation at its sole discretion.
  13. This agreement constitutes the entire agreement of the parties with respect to the items listed above. This agreement may be amended or modified only by a subsequent agreement in writing.
  14. If any portion of this agreement is found to be illegal or unenforceable, then the parties shall be relieved of their responsibilities arising under such portion, but only to the extent that such portion is illegal or unenforceable.