At Vignette & Visa B.V., the security of our systems is a top priority. Despite our best efforts to secure our infrastructure, vulnerabilities may still occur. If you discover a security issue, we kindly ask you to report it to us in a responsible manner so we can take prompt action to address it.
Reporting a vulnerability
If you identify a vulnerability, please adhere to the following:
Send your findings to .
Do not exploit the vulnerability, for example by downloading more data than necessary to demonstrate the issue or by deleting or modifying other users' data.
Do not disclose the vulnerability to others until it has been resolved.
Do not use methods such as attacks on physical security, social engineering, denial of service (DDoS), spam, or third-party application attacks.
Provide sufficient detail to allow us to reproduce the issue, such as the IP address, affected URL, and a clear description. Complex issues may require additional context.
Our commitment
Provided that you comply with the guidelines above, we commit to the following:
We will acknowledge receipt of your report within three business days and provide an initial evaluation and estimated timeline for resolution.
We will not pursue legal action against you in relation to the report, provided it is submitted in good faith.
We will handle your report with strict confidentiality and will not share your personal details without your explicit permission.
We will keep you informed of the progress made in resolving the issue.
We will credit you publicly as the discoverer if you wish.
We offer a reward for reports that reveal previously unknown security issues. The reward amount is determined based on the severity of the issue and the quality of the report, with a minimum of a €50 gift certificate.
We strive to resolve security issues as quickly and thoroughly as possible, and we encourage cooperation in responsible disclosure and post-resolution publication where appropriate.