eLabNext Coordinated Vulnerability Disclosure Policy

At eLabNext, the security of our systems is a top priority. We will do whatever we can to adequately protect our systems and applications. If you nonetheless discover a vulnerability in one of our systems, we would like to know about it. We can then take steps to address the problem as quickly as possible. As a token of our appreciation for your help, we offer a reward for any first report of an unknown vulnerability.

What we ask from you

  • Stay in scope, use https://sandbox.elabjournal.com or https://preview-developer.elabnext.com/ for your tests.
  • Send an email of your findings to security@elabnext.com. If you only want to send your email encrypted, please inform us at the above email address. We will send you instructions on how to send us encrypted information.
  • Provide sufficient information to reproduce the problem. Usually, the IP address or the URL and a description will do, but complex vulnerabilities may require further explanation.
  • Do not misuse or exploit the vulnerability or problem, for example by downloading more data than necessary. Or by consulting, deleting or modifying other people’s data.
  • Do not reveal the problem to others until it has been solved. Did you obtain confidential data through the leak? Delete these as soon as the problem has been solved.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.

The email address security@elabnext.com can only be used for notifications of vulnerabilities in our security measures. Any other questions or remarks relating to the use of the eLabNext website will not be answered.

 

What we promise

  • We will respond to your report within 3 business days. We will provide our evaluation of the report and an expected solution date. Also we will classify the vulnerability as low, medium, high or critical.
  • We will handle your report with strict confidentiality. We will not share your personal details with third parties, unless we are under legal obligation to do so. You can also report a problem anonymously.
  • We will keep you updated on the progress of the solution to the problem.
  • In any public information concerning the problem, we will give your name as the discoverer of the problem. But only if you want us to.
  • We offer a reward for any first report of an unknown vulnerability. The exact reward will be determined by the severity of the vulnerability and the quality of the report, ranging from an honourable mention to a monetary reward.
  • We strive to resolve any vulnerability as soon as possible.

If you have followed the instructions above, we will not take any legal action against you in regard to the report.

 

Rewards based on severity

Severity incident Reward
Critical Honourable mention, eLabNext goodybag, 500 euro
High Honourable mention, eLabNext goodybag, 250 euro
Medium Honourable mention, eLabNext goodybag
Low eLabNext socks & Tony’s (selected quality Dutch chocolate)

 

Start your journey to an
All Digital Lab today!

Schedule a Personal Demo for friendly expert guidance and a free lab workflow assessment.

en_GBENG