Skip to main content

Vulnerability reporting

At Worldstream, the security of our systems is hugely important. But despite all security measures, vulnerabilities may still be present. If you discover a vulnerability on our website, we would like to know about it so we can take steps to rectify it as soon as possible. We describe below how you can help us better protect our customers and our systems.

If you wish to report a vulnerability, please do the following:

  • E-mail the findings to our security team by clicking here. Encrypt the findings with our PGP key, to prevent this critical information from falling into the wrong hands;
  • Make sure that the report is within this program, for which we refer you to the Worldstream website. Specifically, this is worldstream.nl and worldstream.com;
  • Do not misuse the vulnerability or problem that has been discovered, for example, by downloading more data than necessary to demonstrate the vulnerability or by deleting or altering others’ data;
  • Do not disclose the problem to others until it is resolved;
  • Do not use the vulnerability to launch attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications;
  • Provide sufficient information so that the problem can be reproduced, allowing us to resolve it as soon as possible. Usually, the IP address of the affected system or a URL and a description of the vulnerability are sufficient, but for complex vulnerabilities, further explanation would be helpful.

What we promise:

  • We will respond to the report within 10 business days with our evaluation of the report and an expected date for resolution;
  • If you have followed the instructions above, we do not need to take any legal action regarding the report;
  • We will keep the report strictly confidential and will not provide your personal information to third parties without permission;
  • We will keep you updated on the progress made in resolving the problem;
  • In public information about the reported problem, we will include your name as the discoverer of the problem (unless otherwise agreed);
  • As a token of our gratitude for the help provided, we offer a reward for any report of a security problem that was not already known to us. The amount of the reward is determined based on the severity of the leak and the quality of the report. The minimum reward is €50.

We strive to resolve all problems as quickly as possible and we would like to take an active role in publishing about the problem after it is resolved.

We are here for you

Contact us with no surprises

Chat with us

Ask your question via chat for a quick response

Make an appointment

Prefer to meet face-to-face? No problem, book a time that suits you

Call us

Of course, we’re also available by phone for any questions or feedback