report vulnerability
coordinated vulnerability disclosure
At Aalberts Advanced Mechatronics, we place great importance on the security of our infrastructure. Despite
all the precautions we take, vulnerabilities may still be discovered. If you identify a weakness in one of our
systems, we would greatly appreciate it if you could notify us as soon as possible, allowing us to take
immediate action to resolve the issue.
What we ask of you:
- No bounty hunting: our disclosure process is not intended for those solely seeking financial gain (“bounty hunters”). We welcome ethical hackers who focus on improving security and responsibly disclosing vulnerabilities. Reports driven purely by financial motives or aimed at maximizing rewards are not appreciated.
- Report your findings to vulnerability@aalberts-am.com and encrypt any sensitive information using our PGP key. You can find the PGP key at: https://aalberts-am.com/pgp-key.txt.
- Do not abuse the vulnerability, for example, by viewing, downloading, modifying, or deleting more data than is necessary to demonstrate the problem.
- Do not disclose the vulnerability to others until it has been resolved. Once the issue is fixed, please delete all confidential data obtained through the vulnerability.
- Do not use attacks such as social engineering, physical security attacks, distributed denial of service (DDoS), spam, or third-party tools.
- Provide sufficient information to reproduce the problem, such as the URL or IP address of the affected system and a detailed description of the vulnerability. For more complex issues, additional information may be required.
Our commitments:
- Response within 5 business days, with an acknowledgment of the report and an estimated resolution time.
- No legal action will be taken, provided that you adhere to the conditions outlined above.
- Confidential handling of your report: your personal information will not be shared without your permission, unless we are legally obligated to do so.
- Transparency regarding the progress of the investigation and resolution of the vulnerability.
- Recognition of your contribution as the discoverer in our communications about the issue (if desired) on our wall of fame.
- Rewards are determined by the impact of the vulnerability on the availability, integrity, or confidentiality of our systems and data. Our internal team assesses the severity, and rewards are provided as fixed Amazon gift cards. To ensure fairness and clarity, we do not negotiate the amount of the reward under any circumstances.
We strive to resolve any vulnerability as quickly as possible and look forward to hearing from you when you find a vulnerability. We would also like to be involved in any publications about the issue once it is resolved.
Thank you in advance for your help and cooperation.
Security Team A-AM
vulnerability@aalberts-am.com