Responsible Disclosure

Report security vulnerabilities in our platform responsibly.

We take security seriously. If you discover a vulnerability in nisd2.eu, we want to hear about it before anyone else can exploit it.

How to report

Send an email with a description of the vulnerability, steps to reproduce, and potential impact to:

security@nisd2.eu

Please encrypt your message if it contains sensitive security details. We can provide our PGP key on request.

Our process

  • Acknowledgement within 2 business days
  • Initial triage within 5 business days
  • Critical vulnerabilities are prioritised over all other work; fix timeline depends on severity and complexity
  • We notify you when the fix is deployed
  • Credit in our changelog on request (with your consent)

In scope

  • Web application at nisd2.eu and www.nisd2.eu
  • API endpoints
  • Authentication and authorisation logic
  • Data privacy and unauthorised access to customer data

Out of scope

  • Social engineering or phishing against our staff
  • Denial-of-service attacks
  • Vulnerabilities in third-party services (please report directly to the vendor)

Our commitments

We will not pursue legal action against security researchers who follow this policy. We treat your report in confidence and will not share your details without your consent.

Contact

security@nisd2.eu

View security.txt