Responsible disclosure

At Showpad, privacy and security are our top priorities. We work to keep our service and related assets safe and secure. However, if you identify a vulnerability, we’d love to hear from you right away..

Do's

  • Email a report to vulnerability@showpad.com (either in English or Dutch) detailing what you found, how we can replicate your findings (including the URL, IP, screenshots, etc. ), and, if possible, how we can mitigate the vulnerability
  • Report in a manner that safeguards the confidentiality of the findings so that others do not gain access to the information

Don'ts

  • Take advantage of the vulnerability or problem you have discovered (examples: downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data)
  • Perform a physical attack or use social engineering, distributed denial of service, spam, or third-party applications
    Repeatedly gain access to the system or share access with others
  • Make changes to the system
  • Perform actions that may lead to damages for Showpad or any of its users/customers or website visitors
  • Reveal any of this information without the consent of the Showpad Security Office

Our Promise

  • We will do our best to acknowledge receipt of your report within three business days
  • We will not undertake any legal action if you accept and apply all the rules above
  • We will treat your contribution with the necessary respect and will not reveal your personal data with any third parties without your consent unless we are legally required to do so. Findings can be shared using an alias
  • We will keep you updated on the progress of the fix

Interested in joining our HackerOne program?

If you are interested in joining our HackerOne program and collecting bounties for your findings, please contact the Showpad security team at vulnerability@showpad.com.