Aerospacelab coordinated vulnerability disclosure policy
1. Purpose
This policy establishes a clear and secure framework for security researchers, ethical hackers, and other stakeholders to report vulnerabilities they discover in our information systems. The goal is to mitigate these vulnerabilities before they can be exploited maliciously, thereby enhancing the security of our services and maintaining public trust.
2. Scope
This policy applies to all digital systems, applications, and services that we operate or are responsible for. It also extends to third parties acting on our behalf.
3. Our commitments
We commit to:
- Remediate or mitigate the vulnerability within a reasonable timeframe, depending on its severity and complexity.
- Keep the researcher informed about the progress of remediation efforts.
- Credit the researcher publicly for their contribution, unless they request to remain anonymous.
4. Expectations for researchers
We expect researchers to:
- Act in good faith and in compliance with applicable laws.
- Avoid actions that could lead to system disruption, data loss, or compromise.
- Not publicly disclose the vulnerability before we have had the opportunity to resolve it.
- Provide sufficient detail to help us understand and reproduce the issue.
5. Confidentiality and data protection
All information provided under this policy will be treated confidentially. The personal data of researchers will be protected in accordance with the General Data Protection Regulation (GDPR).
6. Contact
To report a vulnerability or for any questions regarding this policy, please contact us at: cvdp@aerospacelab.com
This policy is based on the recommendations of the Centre for Cybersecurity Belgium (CCB).