KPD is committed to the security and privacy of our systems and our users’ data. We appreciate the help of security researchers and the broader community in identifying vulnerabilities. If you discover a security flaw in our systems, we encourage you to report it to us . This Responsible Disclosure Policy explains how you can report vulnerabilities and what you can expect from us in return for your cooperation. By following these guidelines, you help us resolve potential issues quickly and effectively.
Scope
This policy applies to the following systems and services: www.kpd.be, connect.kpd.be, help.kpd.be, and online.kpd.be
Out of scope
The following activities are explicitly outside the scope of this policy:
- Physical security testing.
- Social engineering, such as phishing attempts.
- Denial-of-Service (DoS) attacks or any actions that disrupt the availability of our systems.
- Vulnerabilities in third-party services or applications integrated with our systems.
Guidelines for researchers
To protect the security of our systems and the privacy of our users, we ask you to follow these rules:
- Do not exploit the vulnerability beyond what is necessary to demonstrate its existence.
- Ensure that you do not disrupt our systems and respect data confidentiality.
- Test only on systems explicitly listed within the scope of this policy.
- Provide sufficient information to help us reproduce and validate the vulnerability.
- Do not disclose or publish the vulnerability before we have resolved it.
How to report a vulnerability
If you identify a potential vulnerability, please send your findings to us via:
E-mail: marketing@kpd.be
To help us understand and resolve the issue quickly, please include the following information in your report:
- A clear and concise description of the vulnerability.
- Steps to reproduce the issue, including relevant URLs, requests, or parameters.
- If applicable, a proof-of-concept or screenshots.
- Your contact details so we can reach out for further questions.
- If you prefer to encrypt your report, please use a PGP key.
What you can expect from us
When you report a vulnerability in accordance with this policy, you can expect the following:
- Acknowledgment: You will receive a confirmation of your report within 3 business days.
- Evaluation: We will assess the vulnerability and contact you if additional details are needed.
- Resolution: We will resolve the issue as quickly as possible and keep you updated on our progress.
Safe Harbor
If you comply with this Responsible Disclosure Policy, we will not take legal action against your security research activities. However, this assurance does not apply if you violate the law, breach this policy, or cause harm to our users or systems.
Thank you for helping us maintain the security of our systems. If you have any questions about this policy, please contact us at marketing@kpd.be.