How can I report a vulnerability in one of Megawatt Projects’ systems (Responsible Disclosure)?
We consider security of our systems very important.
You can report a vulnerability in one of our systems to Megawatt Projects at the email address info@megawattprojects.com.
Report the vulnerability before you disclose it to the outside world.
This way Megawatt Projects can take measures first.
This is called Responsible Disclosure.
What to think about with Responsible Disclosure If you report a vulnerability in one of our systems, consider the following things: – Provide enough information to reproduce the problem.
This will allow us to resolve the problem as quickly as possible.
Usually the IP address or URL (link) of the affected system and a description of the vulnerability is sufficient.
More complicated vulnerabilities may require more information.
– Please leave your contact information (email address and/or phone number) so we can contact you.
– Make the report as soon as possible after discovery of the vulnerability.
– Do not share information about the security problem with others until it is resolved.
– Handle knowledge about the security problem responsibly.
Do not take actions beyond what is necessary to demonstrate the security problem.
Do you meet these conditions when you report?
Then we will not attach any legal consequences to your report.
Do not exploit a weakness in our systems.
If you discover a vulnerability, do not abuse it.
For example by: – installing malware; – copying, changing or deleting data in a system (an alternative to this is making a directory listing of a system); – making changes to the system; – repeatedly gaining access to the system or sharing access with others; – using so-called “bruteforcing” of access to systems; – using denial-of-service or social engineering.
What we do with Responsible Disclosure Have you reported a vulnerability in our IT system?
With your report, we can prevent important information from falling into the wrong hands or being used for false or criminal acts.
We promise: – To respond to your report within 7 days with our assessment and an expected date for resolution.
– If you comply with the above conditions, we will not take any legal action against you in connection with your report.
– We will treat your report strictly confidentially and will not share your personal information with third parties without your consent, unless we are required to do so by law.
– We strive to resolve the problem as quickly as possible, and while the problem is being resolved, we will keep you informed of its progress.
In notifying you of the problem, we will include your name as the discoverer if you wish.