Responsible Disclosure

At KNALGEEL, we consider the security of our systems to be of great importance. Despite our efforts to secure our systems, it is possible that there may be a weak spot.

If you have found a weak spot in one of our systems, we would like to hear from you so that we can take measures as quickly as possible. We would like to work with you to better protect our customers and our systems.


We ask you

  • To email your findings to [email protected].
  • Not to misuse the problem by, for example, downloading more data than necessary to demonstrate the leak or inspecting, removing, or modifying data from third parties,
  • Not to share the problem with others until it has been resolved and to delete all confidential data obtained through the leak immediately after the leak has been closed,
  • Not to use physical security attacks, social engineering, distributed denial of service, spam, or third-party applications, and
  • Provide sufficient information to reproduce the problem so that we can solve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be necessary for more complex vulnerabilities.

We promise you

  • We will respond to your report within 3 days with our assessment of the report and an expected date for a solution,
  • If you have complied with the above conditions, we will not take any legal action against you regarding the report,
  • We will treat your report confidentially and will not share your personal information with third parties without your permission unless it is necessary to comply with a legal obligation. Reporting under a pseudonym is possible,
  • We will keep you informed of the progress in solving the problem,
  • In reporting on the reported problem, we will, if you wish, mention your name as the discoverer, and
  • As a thank you for your help, we offer a reward for every report of a security problem that is still unknown to us. The size of the reward is determined by the severity of the leak and the quality of the report, with a minimum of a €20,- voucher.

We strive to solve all problems as quickly as possible and we would like to be involved in any publication about the problem after it has been solved.

We explicitly exclude the following types of security problems from our Responsible Disclosure policy:

  • Missing DMARC-records
  • Version disclosure
  • Web.config files. We are not using IIS, so this does not present a vulnerability
  • (D)DOS attacks
  • Problems that amount to self-XSS
  • Error messages without sensitive data
  • Reports from which software we use can be deduced
  • Problems that require the use of heavily outdated operating systems, browsers or - obsolete plug ins
  • Problems that are already known to us

KNALGEEL is here for your

new app. API integration. b2b platform. social campaign. digital solution. sleek website. consultancy. inspiration. b2c app. brilliant idea.