Responsible Disclosure

At NxtPort, we consider the security of our systems very important and value the safety of our community. By sharing security vulnerabilities publicly, we can ensure the security and privacy of our users.

Guidelines

We expect all clients and researchers:

  • to make every effort to avoid privacy violations, degradation of the user experience, disruption of the production system and destruction of data during security testing;
  • to conduct research only within the scope below;
  • to use the identified communication channels to report information about vulnerabilities to us;
  • to keep information about any vulnerabilities they have discovered confidential between themselves and NxtPort until the problem is resolved.

If you follow these guidelines when you report a problem to us, we commit:

  • not to undertake or support any legal action in connection with your research.
  • to work with you to understand and resolve the problem quickly (including initial confirmation of your report within 72 hours of submission).

Scope

  • the Inbound Release Platform
  • the NxtPort console API application

Beyond the scope

All services hosted by external suppliers are outside the scope. These services include:

  • C-Point
  • Alfapass
  • Microsoft Azure

In the interest of the security of our users, staff, the Internet in general and you as a security researcher, the following test types are outside the scope:

  • findings from physical tests, such as access to offices (e.g. open doors, tailgating)
  • findings arising primarily from social engineering (e.g. phishing, vishing)
  • findings from applications or systems not listed in the scope
  • UI and UX errors and spelling mistakes
  • Denial of Service vulnerabilities (DoS/DDoS) at the network level

Things we do not want to receive:

  • Personally identifiable information (PII)
  • Credit card holder details

How do I report a security vulnerability?

If you believe you have discovered a security vulnerability in one of our products or platforms, please submit your vulnerability report through the support portal. Please add the following details to your report:

  • a description of the location and potential impact of the vulnerability
  • a detailed description of the necessary steps to reproduce the vulnerability (POC scripts, screenshots and compressed screenshots are all useful to us)
  • your name or attribution