Report vulnerabilities

The safety of your data is our top priority. That’s why we work hard to protect our systems. But did you nonetheless find a flaw in our security? Help us by reporting the vulnerability. Please do not make a vulnerability public, before working with us on a solution first. We are not trying to cover up our mistakes, but making a vulnerability public might have serious consequences for all our customers.

How can I report a vulnerability?

You can report a vulnerability by sending an email to [email protected]. If possible, encrypt your email with our GPG-key (ask for key) to prevent the information from falling in the wrong hands. Please explain in your e-mail the vulnerability you have found and provide us with enough information to reproduce and investigate the problem.

Can I report a vulnerability anonymously?

Absolutely. You are not required to provide your personal details.

The rules

You might have conducted illegal activities to discover a vulnerability. We will not report these activities or claim damages if you have followed these rules:

• act responsibly with the knowledge about the vulnerability, and do not perform any actions that go beyond what is necessary to demonstrate the flaw;
• do not cause any damages;
• do not use a denial-of-service attack or social engineering;
• ensure that your research does not lead to an interruption of our services;
• your research should never result in Roamler or customer data becoming public;
• never place a backdoor, not even to demonstrate a vulnerability;
• never modify or delete data. In case you need to copy data, never copy more data than strictly necessary;
• do not make any system changes;