Rules of the game
We would like to ask you to only share the problem with Order2Cash’s experts and to refrain from making it public. In this way, we can keep our clients’ data safe. We appreciate it if you give us time to solve the problem.
When you investigate a vulnerability, please do not damage the software. You are not permitted to disclose information to anyone except Order2Cash. Moreover, it is not allowed to interrupt our services deliberately because you are investigating a problem.
It is possible that you do something which is illegitimate in your investigation. If you are acting in good faith, with due care, and in accordance with the rules below, you will not be prosecuted.
We would like to ask you:
- to describe clearly with your report how it is possible to abuse the security problem. Give a step-by-step explanation if you can.
- to not use any social engineering to get access to our systems.
- to not insert a back door in an information system to show the weak spot.
- to only do what is strictly necessary to show the vulnerability.
- to not copy, change or delete data. Send us only (minimal) information which you need to demonstrate the problem. Make a directory listing, for example.
- to minimize any attempts to gain access to the system and to not disclose any information about access gained to third parties.
- to not use any ‘brute force attacks’ to enter our systems.
- to submit only one security problem with each report.
- to reply if we need extra information about the problem you have found; to never contact Order2Cash’s staff directly or through any channels other than the form.