arrow-right arrow-down arrow ticket cross play doorway link hexagon divider facebook twitter instagram linkedin youtube divider-small dogs guy-with-dog locker stroller wheelchair checkmark double-arrow email phone search phone2 quotes icon-people icon-ruler icon-stars

Responsible Disclosure

At Madurodam, we believe the safety of our systems and our network to be very important. Despite our concern for the security of our systems, sometimes a weak spot may nevertheless be discovered. If this should be the case, please inform us as soon as possible so that we can take the necessary steps as soon as possible.

Weak spots can be discovered in two ways: you accidentally run into something during normal use of a digital environment, or you explicitly go out of your way to find a weak spot.

This policy is not an invitation to actively scan our network for vulnerabilities. We obviously monitor this ourselves. As far as our other systems or resources are concerned, you are free to actively search for vulnerabilities and report your findings to us. In view of accountability to our customers, this is not a call for hacking attempts on their infrastructure. However, we also want to hear from you as soon as possible as soon as vulnerabilities are found, so that we can remedy them adequately. We would like to cooperate with you to protect our customers and our systems to the best of our abilities.

We ask you: ·

  • Please email your findings to privacy@madurodam.nl.
  • Do not misuse the problem, for example, by downloading more data than is necessary to show the leak or to inspect, delete or modify data from third parties.
  • Do not share the problem with others until it is resolved, and delete all confidential data obtained through the leak immediately after closing the leak.
  • Not to use attacks on physical security, social engineering, distributed denial of service, spam or third-party applications.
  • Provide sufficient information to reproduce the problem so that we can solve it as soon as possible. Typically, the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be needed with complex vulnerabilities.

What we promise:

  • We'll respond to your report within 5 business days with our assessment of the notification and an expected date for a solution.
  • If you respect the above terms, we will not take any legal action against you regarding the notification.
  • We will treat your notification confidentially and will not share your personal information with third parties without your consent, unless necessary to meet a legal obligation. Reporting under a pseudonym is possible.
  • We'll keep you informed of the progress in solving the problem.
  • In reporting on the reported problem, if you wish, we will mention your name as the discoverer.
  • As thank you for your help, we offer a reward for every report of an unknown security issue. The size of the reward is determined based on the severity of the leak and the quality of the report.

We strive to solve all problems as soon as possible, and we are gladly involved in a possible publication about the problem once it has been resolved.