Responsible Disclosure Policy
At Klarrio, we give top priority to securing our IT assets. As part of our safety policies and procedures, we proactively apply software updates and implement patch management. Additionally, we regularly scan our IT assets to detect potential security issues.
We realize that securing computer networks, systems, software, and devices is a continuous process and that security issues can still occur. Therefore, we greatly appreciate any feedback about potential security risks, if disclosed responsibly.
Keep it ethical and proportionate
Belgian law provides a legal framework for responsible vulnerability disclosure, provided certain conditions are met:
- You must limit yourself strictly to the facts necessary to report a vulnerability. Thus, you must not act beyond what is necessary and proportionate to verify the existence of a vulnerability.
- You must act without fraudulent intent or design to harm.
- As soon as possible after the discovery of the potential vulnerability (and at the latest at the time of reporting to the national CSIRT), you must inform the organization responsible for the system, process, or control of the vulnerability.
- You must report the discovered vulnerability as soon as possible to the CCB (in the absence of a CVDP), in writing and according to the procedures described in point D of the CCB policy.
- You must not publicly disclose information about the discovered vulnerability without the agreement of the national CSIRT (CCB).
For more information, visit https://ccb.belgium.be/en/vulnerability-reporting-ccb.
Share your findings
You can share your findings by sending an email to security@klarrio.com. Please provide enough information so we can reproduce the problem.
This policy was last reviewed and updated in January 2024.
© 2024 – Klarrio BV
Plantin en Moretuslei 1A
2018 Antwerp
Belgium
Tel: +32 (0)3 296 87 06
Email: info@klarrio.com
VAT: BE 0655.941.021
All Rights Reserved