Responsible Disclosure (EN)

At Pathé we find the security of our systems, website and apps very important. We are constantly working to further optimize our security. Although we do our utmost best, it can happen that there is unforeseen a vulnerability. If you have found vulnerability we would like to hear this so that we can take measures as quickly as possible.
 
We ask you:

  • Submit your findings by using the following URL: https://app.zerocopter.com/en/rd/acdcedd1-2d67-4ce2-8d97-0f74ecbc2701
  • Not to abuse the vulnerability by, for example, downloading more data than is necessary to prove the leak or to view, delete or modify data.
  • Do not share the vulnerability with others until it is resolved and delete all confidential data obtained through the leak immediately after closing the leak.
  • Provide us with sufficient information to reproduce the problem so that we can solve it as quickly as possible.
 
What we promise:
  • We will respond to your report within 3 working days with our assessment of the report and an expected date for a solution.
  • We will treat your report confidentially and will not share your personal information with third parties without your permission, unless this is necessary to comply with a legal obligation.
  • We do not take legal action if you comply with the conditions set by us regarding your finding.
  • We keep you informed of the progress of the problem.
  • As a thank you for your help, we offer a reward for every report of an unknown security problem.
The Out-of-Scope on our CVD program are the following domains and the related mobile apps:
  • pathe-thuis.nl (CVD)
  • pathe.com / patheinternational.com - or other .com domains related to pathe.com
  • pathe.fr - or other .fr domains related to pathe.fr
  • pathe.be - or other .be domains related to pathe.be
  • euroscoop.be - or other .be domains related to euroscoop.be
  • pathe.ch / pathefilms.ch - or other .ch domains related to pathe.ch
  • pathe.uk - or other .uk domains related to pathe.uk
 The above text is a modified version of Floor Terra's original Responsible Disclosure text. The original text can be found at responsibledisclosure.nl/en