• Responsible Disclosure of Security Vulnerabilities

    At Punktum dk, our sights are permanently set on protecting our data, systems and services. However, no system is 100 per cent secure, so if you find a weakness, we would like to hear about it, so we can patch the system as quickly as possible.

    What to do?

    • You can contact us by email to: disclosure@punktum.dk.
    • Please encrypt your email with our PGP key so the information does not fall into the wrong hands. The key can also be found on public key servers with key ID: 0xFDA20DA9A0587E80
    • Describe the problem in as much detail as possible: times, IP addresses, URL etc. If possible, please include screenshots to illustrate how the problem can arise and be exploited. We would like to be able to recreate the problem to make it as easy to fix as possible.
    • Let us know how we can get in contact with you if we need further information.

    What do we expect?

    • You will not tell anyone about the problem until we have fixed it.
    • You will delete any information you may have found and stored.
    • You will call our attention to the fact that the error can be abused as soon as possible.
    • You will not exploit the weakness in the system, for instance by deleting or changing data or by downloading more information than necessary.
    • You will not attack the physical security, social engineering, distributed denial-of-service (DDoS), spam or otherwise do anything harmful to our systems or to the systems of a third party.

    What to expect of us?

    • We will respond to your query within one working day, so you know that we have received your email.
    • We will examine your review of the problem and within five working days send you an email about our findings, including a date for when we expect to be able to resolve the issue.
    • We will resolve the issue as quickly as possible and always within three months.
    • We will provide you with regular updates.
    • Together with you, we will agree on when and how we will make the issue known to the public. We will only mention your name with your express permission.

    Thanks for helping us to protect our systems.