Wehkamp takes the security of its systems and website very serious. We continuously work on improving the security of our systems, the data availability of the website and the protection of our customers against abuse. Despite our concern for the security of our systems, there may still exists vulnerabilities.

Collaborate

Are you an expert in the field of Internet Security and do you have discovered a potential vulnerability? Then we ask for your cooperation. If you have found a vulnerability please let us know so we can take appropriate measures as soon as possible. We would like to work with you to better the protection for our customers and our systems.

How do you make a report?

You can report your findings through this website. After receiving your notification, we will examine it. You will receive (first) response from us within 2 working days. You will get continuously updated with any progress until the finding has been fixed.

Rules

During your research you will likely perform actions that normally would be punishable by law. If you act according to the rules for reporting vulnerabilities in our systems, there is no reason for Wehkamp to either report or to submit a claim. Please note, it is ultimately up to the Public Prosecutor who decides whether or not there is any suspicion of committing criminal offenses.

• Do not abuse the problem by, for example, downloading more data than is necessary to demonstrate the vulnerability or by looking, removing or modifying data of third parties;
• Do not make any changes to systems;
• Do not place a backdoor into an information system. Also not in the case to show the vulnerability. Backdoors can cause additional damage and open up other unnecessary security risks;
• Make minimum use of a vulnerability;
• Do not make use of social engineering in order to gain access to a system;
• Do not try more often than necessary to obtain access to the system;
• Do not use brute force techniques (repeatedly trying passwords for instance) to access the system;
• Do not share the problem with others until it is fixed and delete all confidential data obtained through the leak immediately after the closing of the leak;
• Protect your own system as much as possible.

#Your privacy We will ask you for your personal information to communicate with you in response to the notification. We never share your personal information without your consent to third parties, unless a legal obligation exists.

National Cyber Security Center

This scheme is based on the Guidelines to establish a practice of Responsible Disclosure as prepared by the National Cyber Security Centre of the Ministry of Security and Justice of the Netherlands.

The Netherlands, Zwolle, February 2017