Coordinated Vulnerability Disclosure

Discover a weak spot in the security of this website or TestVision? Let us know before you make it known to the outside world. This is called the  Coordinated Vulnerability Disclosure.

Policy Coordinated Vulnerability Disclosure

At Teelen, we consider the security of our systems to be very important. Despite our care for the security of our systems, it can happen that there is still a weak spot

If you have found a weak spot in one of our systems, we would like to hear about it so that we can take measures as quickly as possible. We would like to work with you to better protect our customers and our systems.

Regarding TestVision, you are cordially invited to actively search for vulnerabilities in a non-production environment, provided that you report your findings exclusively to us.

We request you:

  • Send your findings as soon as possible to  .
  • Do not send confidential data via an unsecured email message; we would be happy to choose a better secured channel in consultation.
  • Do not misuse the discovered weakness by downloading, changing, or deleting more data than necessary to demonstrate the vulnerability, especially when it concerns our customers’ data. We always take your report seriously and will investigate any well-founded suspicion of a vulnerability, even without ‘proof’.
  • Do not share the problem with others until it is resolved.
  • Do not use attacks on physical security, social engineering, or hacking tools such as vulnerability scanners and tools to cause overload.
  • Please provide us with enough information to reproduce the issue so we can resolve it quickly. Usually, the IP address or URL of the affected system is sufficient, but for complex vulnerabilities, we would like to receive more information.
  • You will delete all confidential data obtained in your research immediately after we have resolved the vulnerability.

We promise you:

  • We will respond within three working days to your report with our assessment of the report and an expected date for a solution.
  • If you adhere to the above rules, we will not take legal action regarding your report.
  • We will handle your report confidentially and will not share your personal data with third parties without your permission. An exception to this is the police and justice, in case of a report or if the data is requested. It is also allowed to report under a alias.
  • We will keep you informed about the resolution of the problem.
  • In communications about the reported problem, we will, if you wish, mention your name as the discoverer.
  • In appreciation for your help, we offer a reward for every report of a security issue unknown to us. The size of the reward will be determined based on the severity of the vulnerability and the quality of the report, with a minimum of a €50 gift certificate.