At Jaarbeurs, we consider the security of our systems important. Despite our care for the security of our systems, there may still be a weakness.

If you have found a vulnerability in any of our systems we would like to hear about it so that we can take action as soon as possible. We take reports seriously and will investigate any potential security problem.

To be clear, this responsible disclosure is not an invitation to conduct extensive checks and tests on our websites and systems for vulnerabilities. We regularly do this ourselves.

What do we ask of you?

• Email your findings to jaarbeurs. Encrypt the details of your findings via our file transfer environment to prevent the information from falling into the wrong hands;
• Sharing your contact details (e-mail address and phone number) with us so that we can reach you for smooth cooperation;
• Not abusing the problem by, for example, downloading more data than necessary to demonstrate the vulnerability or viewing, deleting or modifying third-party data;
• Do not share the problem with others until it is fixed and delete all confidential data obtained through the vulnerability immediately after fixing the vulnerability;
• Do not use physical security attacks, social engineering, distributed denial of service, spam or third-party applications;
• Provide sufficient information to reproduce the problem so that we can resolve it as soon as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be required for more complex vulnerabilities.

What can you expect from us?

• We will respond to your report as soon as possible and provide an expected date for resolution;
• We treat your report confidentially and will not share your personal data with third parties without your consent unless necessary to comply with a legal obligation.
• Reporting under a pseudonym is possible;
• We will inform you further when the issue will be communicated externally;
• We aim to resolve all problems as soon as possible and we are happy to be involved in any publication about the problem after it is resolved.

Take into account legislation

If you have complied with the above conditions, we will not have to take any legal action regarding the report. However, we cannot promise that you will not be prosecuted if you commit offences during your investigation. So please be careful not to commit any illegal acts that we have to report to the authorities.