Responsible disclosure policy

Principles

We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

  • E-mail your findings to itsecurity@bakkafrost.com. Encrypt your findings using our PGP key to prevent this critical information from falling into the wrong hands;
  • Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data;
  • Do not reveal the problem to others until it has been resolved;
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties; and
  • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.

What we promise:

  • We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date;
  • If you have followed the instructions above, we will not take any legal action against you in regard to the report;
  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission;
  • We will keep you informed of the progress towards resolving the problem; and
  • In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise).

We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

GPG key fingerprint: 40F240A2FA6FF1D42F7C0D57B0598F3E04E03674

 
