Security Notification
The security of our systems is very important to us. We do everything we can to ensure that we provide safe products and services. The staff of the Network Operations Center monitor the systems and the network 24 hours a day, all year round.
Despite this continuous professional care for the security of our systems, it is possible that a (temporary) weak spot in our security is discovered, which we call a vulnerability.
Responsible Disclosure
If you have found a vulnerability in one of our systems (websites, network or in our products or services), we ask you to let us know as soon as possible. We will take immediate measures. If you report a vulnerability to us, you can always count on our full cooperation. We are happy to work with you to further improve our systems.
What do we ask of you?
Email your findings with examples and additional information to [email protected].
- Any information to be able to reproduce the problem is most welcome. This way we can solve the problem as quickly as possible. Usually, the IP address or URL of the affected system, including time and date and a description of the problem, is sufficient, but more complex issues may require more.
- Include your contact details (email address or phone number). Of course, you can also remain anonymous.
- Don't exploit a security vulnerability. If this does happen, it will lead to a police report. We define abuse as; Download and view more data than necessary, modify and delete more data than necessary. More information can be found in our applicable Code of Conduct for Responsible Disclosure.
- Not to share or publish the problem – or specific information about the problem – until we have resolved the issue.
- Delete all (confidential) data obtained from the vulnerability after you have shared this data with us.
- Not to use physical security attacks, social engineering attacks, malware deployment, distributed denial of service execution, spam runs, or use of hacking tools such as brute force.
This is what we promise you
We will respond to your report within 3 working days with our initial assessment of the potential vulnerability.
- We will keep you informed of the progress of resolving the vulnerability unless we are required not to do so.
- We will treat your report confidentially and will not share your personal data with third parties without your permission, unless we are obliged to do so.
- In any coordinated publication about the reported vulnerability, we will, if desired, mention your name as the discoverer.
- As a thank you for your help, we would like to reward you for every vulnerability report. The size of the reward is determined by a number of criteria, such as the size of the vulnerability report and the quality of the report. Of course, we will provide an appropriate reward (not in a monetary amount) for the vulnerability found. DELTA employees and parties who work on behalf of DELTA are excluded from participation. Of course, we have an internal reporting system available for this.
Together with you, we want to solve vulnerabilities as quickly as possible. We would like to be involved in any coordinated publication after the vulnerability has been resolved.
Other arrangements
We ask you to submit the report in Dutch or English. Reporting a security vulnerability is also subject to our Responsible Disclosure Code of Conduct.
This hotline is not for:
- Reporting malware such as viruses, adware, and ransomware.
- Reporting (suspected) fraud, fake emails and phishing emails.
- Submitting complaints about the service.
Would you like to report the above? Then you can also contact our Customer Service.
We are happy to work with you to further improve our systems. A report of a vulnerability is therefore very much appreciated. Thank you for helping us.