Responsible information disclosure

Versie 1.1

Deze RID is voor het laatst aangepast op 20-12-2024.

Introduction

As a technology company in healthcare, we as Tinybots B.V. consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

• Use this form to inform our Incident Manager about your findings.
• Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data;
• Do not reveal the problem to others until it has been resolved;
• Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties; and
• Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
• If needed make use of our public encryption key to send details about the vulnerability. This key can be found at the bottom of this page.‍

What we promise:

• We will respond to your report with an initial response of reception within 5 business days;
• We will respond to your report within 4 weeks with our evaluation of the report and an expected resolution date;
• If you have followed the instructions above, we will not take any legal action against you in regard to the report;
• We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission;
• We will keep you informed of the progress towards resolving the problem; and
• In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise).

We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

‍‍

PGP Key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGdk1cYBEADIZC0dzKayX0SRe0vOAPGOMgpUYZ0NpukSraW9awzX8FZYQQZ/

yHKRHYgZKoqg+9Rd0Y1miJOPIDjlK4rmilg/+3udtOsr8H5lVo9cF0qx0L2jrUCx

UvXSLH8jlHsQUmsUvI1E5sJU1yntq9TCpX4k9m9gtihC5PzAaYs/VYHBnAqscYBO

3t2LmpCRTrTcgbETXroeCtxvosAIqsF1Vj2VbtCJshM8DpxDa01iwx7IIyT9oVrL

Yh0yo14PZnvqoTSosYggoqMmS+RqSq4+w2FSCwNf1ZUzV+kPOrWwLQpNv1944M/2

5Mz4hpjIUwKLJeNWNpb+E9THRwBxCUsY71kBGFbJbHg1xryRfZdU5h3RsJz/wUip

wGyOmZ5HoMUO73tf00h7oYYZeh98i8GrFGILhzKqiywuObvowegAgNzA7yck+0XM

FJb51uvJbeK2hFJQ5lA0wXdoK5QLoFuF69rel4jkkKFIm8qhKAU9L08FWpkIoLL5

Zi1lASfFzlTQh72VYXziMXo5b8JpGm4eK389toyEu8NRxff9KSEzLRxuMTjs60sp

mN/97koFUoe/VNenkc7ZLhzC/HRHLgxLwsQh+vVCD4/gW/5QFhI0YTJsbpqgo+vE

O+nBRDGsh41maPPZFo68ZTCjwR3nbJ4XlklL/bhgvX+SVOAzp1p/ysQbqQARAQAB

tDdJbmNpZGVudCBNYW5hZ2VyIFRpbnlib3RzIDxpbmNpZGVudG1hbmFnZXJAdGlu

eWJvdHMubmw+iQJXBBMBCgBBFiEE/GMqQV8/QBol0VaGDeFtmF23O0gFAmdk1cYC

GwMFCQHhM4AFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQDeFtmF23O0gD

lQ/9HeVAimtuu5j18HeGW3fO+hl2g3Kp3yiTqh11g1GXA35haM2VOTViy6RyQ5jd

5V6/c8B188aDQ3wpxpx+cyzIc5oWiN3MURkrAlN2vUf6Hq0FQVtXkqq7XsjZ5nWS

vGFsdl5WUcsTMemYtEoXtWqMnf0WfUb8tlBi8ZH74qMc/FubTzj0b5jQVVjNAoJY

1r6mtxi/ZtOTvDwsJtNflS6zES+AaUWPyiwkI8ut31pqKj4s3Jo459+1q97/ygGL

W5I8Z9AMHj7jXhdtl8ijbVmqfvW1vXmCmZ2v5jGOYEnzGPFUqxcKVxhIZlZrcOOE

f2tYKczvXv6wfBXBUfiiUldKDFym//aCKgAsMO4Ip6qxx+OwhD9+eF5RP5E4mfmh

mrpSZ85AY6GDF0OrI2UC0qMeto5QZ/XcAfArpKaqhDymBRZqABxseoIP1hSXhlYo

hK2+u33TFFmncJr2ZTxrn4JWUFxzYbmm3ZOLp7hf65Ifw1uFIAVWXdfieR8zdtll

hj5Zzy0BJK7v25oTkduQuNb05r9MbWawOw0XbLfxYpnMWLzisGQs6foFMYCUHGy/

opjjBVDu82UZ+d09qvZNRE5b8Ehovm29PihIZAPiTCn/SPqk+TG9WdYv890mN7Oa

nhsNIkxkvmbsJ5UkzcORCa00+99od4CcI7IfZAzCkstF0ie5Ag0EZ2TVxgEQANXg

QesIzBbX+yRIxbowgSU+YfUEhX2aLmktbQy7ki+yNsJ/y1xuzBo8n5U8A3PufQX1

jg8ssiK6K6bX6cKwXLYa5LCU9jBU3R3F7uplA96587AAUzCWqSLHAj74gf/pePvx

d+/+K+1i98M8LndAJh34RPg7Qg3nUezwAQ2he3iPZoOpHIceYzbkaw+s301lXp1I

ew6phFGG2lGIvgaTr9UldU0YLs7Wt1tp3u3tImYKGRBtW/JfU92M2gsdRW2S7c1r

2Q0HozZPwwhTI++fnJsMW48ZcglpaBjRGEdCdrQgZG7KQX+gjLI+0qwIYHPLAa6A

Q6qNuwJXwCwYPhPG6DkUzN9UuAl4fWHwfTV6xEZWijpDzKnZges33CdLB/vCbmGZ

Q80L0HlRTnWE0UwmLa8PxJ8zlQlInmdEWBIe3inFBAPrwKxyQh5OvtGtYp4oNnt8

HeG3DhwafgJGv9udgoSrk7qCVhQaMBjq/d0KoSHfqxZLUpNHWJwRbFkz1+pTfb5B

2LjDMxjAfbtzWMYIfqopDfsNtYPKU7NA7gqFvSkn+aYGH+pOTmzG6zhwdlh2Aazy

lpL+zGEkQzbN1mZdhVMO4cx1+Nl5UrVzjsKS2w1tDUKSsKAfLH7s4xOL9A0yCm1F

0GQaJ+ZTGUtfFqr7OUPvkmzrhFOyqTht93DyOEJzABEBAAGJAjwEGAEKACYWIQT8

YypBXz9AGiXRVoYN4W2YXbc7SAUCZ2TVxgIbDAUJAeEzgAAKCRAN4W2YXbc7SF9x

EACipMvvujMDue+iShGmCdL47XmQjXrZQL+2UXlPGNePsNlc+zVC8u2TYrXQ2oex

SOrR+E7HgSLEggibjtSEbVTLu5nvIr4tGF9dhEr/mlddZ2OhQ5yPm96iq4+DTGU9

Dnds+HAGfBIMzFmuBMPyonuZouUrFMJR4dZ2b8KXrLe7dewVdrTJ2RPV3sGn1l9W

FndlQhRf/tu8a4UygSWFxZ276WvNXsGj60H9DP+fNWpr/NhhH+aUTtxDHR+2G78Z

CDDfpt53QziratF0CuGduuRaEX8FXbPJ/Js41weFdChKiH9zZc6WkWTYi6iVFQtH

cUcsoRvrlxUNFz3aBQdWjBC/zIj47kXRoJ9sj59qUBT5lQKmueiRjPMULveVRkj2

e1SW0qVs4KdMjkS+sRpe6CzvF57QLTZoZ4MAFLsHqHW9rtvKwtzJ7zihLXIeHO7X

mKN4uw6wuQ4kiF77DdlW+e5H7/9X021BWXtPr8ZVJr3jUZwS0a60F+ZfqZI0RS15

e0cd8TCRMHVTYRJfWvlS4n9yJr387teNGMrKCq2xWkN6Nrew6C4qajj0OF9NIaWV

hrmfHPuwwefjxpT0eG2eGnkHIs5vIT69SRpBRR+eEPWpWfn/EyhHAlxgN6oep+Xb

tECWS5XSeeYzJK12gi2diATRADCCSYnt4pwHgixwbCvrpg==

=L95m

-----END PGP PUBLIC KEY BLOCK-----