Responsible disclosure

At BIM-Connected, the security of our systems is a top priority! Despite our extensive efforts to secure them, vulnerabilities may still exist. If you discover a vulnerability, we want to know so we can address it promptly. We encourage you to help us protect our clients and our systems by reporting any vulnerabilities. This approach is known as our “Coordinated Vulnerability Disclosure Policy.”

Assistance in discovering vulnerabilities

We kindly ask for your assistance in protecting our customers and our systems by following these guidelines:

  1. Report Findings:

  2. Avoid Exploiting Vulnerabilities:

    • Do not exploit the vulnerability or issue you have discovered. This includes downloading more data than necessary to demonstrate the vulnerability, or deleting or modifying data of others.

  3. Confidentiality:

    • Do not disclose the problem to others until it has been resolved.

  4. Refrain from certain attacks:

    • Do not perform attacks on physical security, or use social engineering, distributed denial-of-service attacks, spam, or third-party applications.

  5. Provide Sufficient Information:

    • Provide enough information to reproduce the problem, so we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability will suffice, but more detailed explanations may be necessary for complex vulnerabilities.

Our promise on reported vulnerabilities

As BIM-Connected, we promise to:

  1. Response Time:

    • respond to your report within 3 business days with our evaluation and an expected resolution date.

  2. No Legal Action:

    • not take legal action against you regarding the report, if you have followed the above instructions.

  3. Confidentiality:

    • treat your report with strict confidentiality and not share your personal details with third parties without your consent.

  4. Progress Updates:

    • keep you informed of the progress towards resolving the problem.

  5. Recognition:

    • credit you as the discoverer of the issue (unless you wish otherwise).

  6. Reward:

    • as a token of our appreciation, offer a reward for every security issue that was previously unknown to us. The reward amount is determined based on the severity of the vulnerability and the quality of the report, with a minimum reward of a €50 gift voucher and a BIM-Connected hoody.

We strive to resolve all issues as quickly as possible and look forward to collaborating on the eventual publication about the problem once it is resolved.

Thank you for your contribution to the security of our systems.

BIM-Connected

Torenallee 110, 5617 BE, Eindhoven
+31 (0)40 2201943