Responsible Disclosure | S4D
Our responsible disclosure policy explains how security researchers and users can report vulnerabilities to S4D so we can address issues quickly and responsibly.
If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our partners and our systems.
Please do the following:
- E-mail your findings to infosec@solutions4delivery.com.
- Do not exploit the vulnerability you discovered. For example, do not download more data than necessary to demonstrate the issue. Do not delete or modify other people’s data.
- Do not share the vulnerability with others until we resolve it.
- Do not use physical security attacks, social engineering, distributed denial-of-service (DDoS), spam, or third-party applications.
- Provide enough information for us to reproduce the issue. Include the affected IP address or URL and a clear description of the vulnerability. For complex issues, add further technical details if necessary.
What we promise:
- We will respond to your report within three business days. Our response will include an evaluation and an expected resolution timeline.
- If you follow the guidelines above, we will not take legal action regarding your report.
- We treat all reports as confidential. We will not share your personal details with third parties without your permission.
- We will keep you informed about the progress of the resolution.
- When we publish information about the reported issue, we will credit you as the discoverer, unless you prefer to remain anonymous.
- We aim to resolve all reported issues as quickly as possible. In addition, we would like to collaborate on the final publication after the issue has been resolved.
- As a token of appreciation, we offer a reward for each previously unknown security vulnerability. We determine the reward based on the severity of the issue and the quality of the report. The minimum reward is a €50 gift certificate.