Crunchr takes security and privacy very seriously and investigates all reported vulnerabilities. Despite the effort we put into the security of our services every day, vulnerabilities can still be present. This page describes our practice for addressing potential vulnerabilities in any aspect of our services.
Have you discovered a security or privacy vulnerability in Crunchr services? Please report it to us. We welcome reports from everyone, including customers, security researchers and developers. This kind of report is known as a Coordinated Vulnerability Disclosure (CVD).
To report a vulnerability, please send an email to email@example.com that includes:
The specific services which you believe are affected
A description of the behavior you observed as well as the behavior that you expected
A description of the issue found as explicitly and detailed as possible. Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Complex vulnerabilities may require further explanation. You can use step-by-step instructions, screenshots or video demonstration for this. Feel free to provide any supporting material (Proof of Concept code, tool output, etc.) that would be useful in helping us understand the nature and severity of the vulnerability.
Your e-mail address or telephone number to enable us to contact you if we have any questions. We prefer to communicate via e-mail.
Offering a solution is highly encouraged but not required. Be assured that your notifications will be received by specialists. We only accept reports that are sent in the English or Dutch language.
Crunchr will not process or reward vulnerability reports that cannot be abused or are trivial. Trivial reports include reports of (public) vulnerability scanners (e.g. port scanners). The following are examples of known and accepted vulnerabilities that are outside the scope of this CVD process:
This list of exclusions is derived from a list used by the CERT of SURF (https://www.surf.nl/en/responsible-disclosure).