Responsible Disclosure

We, the administrators of the website of Scouting EOS / St. Hubertus Terneuzen, know that every site, with or without user data, is vulnerable. At the end of the day, this website simply runs on a well-known CMS with many vulnerabilities, bugs and more. We do our very best to keep hackers out of our databases, our CMS and our social media, but if someone with bad intentions really wants to break into our systems, it is no secret that it is easy to do so nowadays.

However,

Our website is built for a local Scouting group and uses user data for its administration and for the website to run well. If you are planning to hack into our systems, we kindly ask you not to. It is the very least we can ask of you. By hacking into our systems, corrupting our files or making us pay a specific amount of coins, you would not only cause us to lose our site; the damage would simply be huge, since a lot of user data with sensitive information would be gone or stolen. We are a small non-profit organisation, and such an occurrence would lead to a lot of extra costs for us, which we are not planning to pay.

We respect and admire your possible coding skills, but as said above, the damage would affect us hugely. That is why we will now clarify what we tolerate and accept in terms of hacking. We accept white-hat hackers and grey-hat hackers if all actions and steps taken to get into our systems are made clear in a way we can understand as administrators, for example by (anonymously) mailing us via webmasterscoutingeos@gmail.com. Use a temporary email address service to send your mail; otherwise your mail server will be known.

We do not admire or tolerate black-hat hackers. We understand that you might have a specific skill, but attacks will be investigated and reported to local/(inter)national authorities, since replacing backups costs time and money.

RULES:

Whitehat Hackers
- Tolerated and admired.
- Are hired by us and will receive something in return.
- Allowed to hack into our systems. All actions/steps need to be reported.

Greyhat Hackers
- Tolerated and admired.
- Allowed to hack into our systems if all actions/steps are reported.
- Might receive something in return, depending on the vulnerability.
- May leave hidden proof once inside our systems: create a hidden (page with the) message “I am in! Expect a mail from me!”
- Aren’t allowed to shut down our services (like our server, social media…) or to interrupt our website’s accessibility.
- Need to send a mail to the e-mail address before breaking into our systems and after breaking into our systems, as described in the text above.

Blackhat Hackers
- Not tolerated.
- Attacks will be investigated and reported to local/(inter)national authorities.
- Won’t receive anything in return.
- Aren’t allowed to shut down our services (like our server, social media…) or to interrupt our website’s accessibility.

Keep up to date with this page at all times. New restrictions are added constantly.
Last update: 07-04-2021
