Responsible reporting of vulnerabilities

Embion considers the security of its information systems a top priority. Despite all efforts and strict development and testing procedures to achieve optimal security, Embion is aware that security vulnerabilities may still come to light during use.

If you discover a vulnerability, please treat it confidentially and report it to Embion as soon as possible. Embion will assess your report and take appropriate measures immediately where necessary.

 

Reporting procedure

 

We ask you to do the following:

  • Email your findings as completely as possible to security@embion.nl or call 085-0435861 and ask for the Security Officer.
  • Do not abuse the vulnerability or problem you have discovered. For example, do not download more data than is strictly necessary to demonstrate the vulnerability and do not delete or modify others' data.
  • Treat the vulnerability confidentially and do not share details with third parties until Embion has fixed the vulnerability.
  • Do not conduct attacks on physical security, via social engineering, distributed denial-of-service (DDoS) attacks, spam or third-party applications.
  • Provide Embion with sufficient information to reproduce the vulnerability. Usually, the IP address or URL of the affected system and a clear description of the vulnerability are sufficient. More complex vulnerabilities may require additional explanation.
  • If you have the knowledge or experience on this, we would appreciate it if you also provide your advice on possible solution directions for Embion.

 

What Embion does after your report

 

After receipt of your report:

  • Will receive an email confirmation of the notification.
  • Will keep you informed of the progress of the assessment and any action to be taken by Embion.
  • Will your report be kept strictly confidential. Your personal data will not be provided to third parties without your consent.
  • Depending on the nature and severity of the vulnerability, Embion decides whether Embion EMS users should be actively informed. If so, a notification will be displayed in the Embion Hub after login.

 

Reward / bug bounty

 

Embion does not currently operate a bug bounty or reward program for reporting vulnerabilities. Reports are made on a voluntary basis. Of course, we greatly appreciate your efforts.