Vulnerability Reporting Policy

Viaservice Security Vulnerability Reporting Policy

Viaservice BV values the work done by security researchers in improving the security of our TransFollow products and service offerings. We are committed to working with security researchers to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage security researchers to participate in our responsible reporting process. To report product security related issues directly please email to support@transfollow.org.


Third-party bugs

If issues reported affect a third-party library, external project, or another vendor, Viaservice reserves the right to forward details of the issue to that party without further discussion with the researcher. We will do our best to coordinate and communicate with researchers through this process.


Responsible Disclosure Guidelines

We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we will not take legal action against you nor ask law enforcement to investigate you provided you comply with the following Responsible Disclosure Guidelines:


Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC). Any vulnerability that implicates TransFollow product functionality must be reported within 7 days of identifying the vulnerability.

Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our TransFollow services.

Do not modify or access data that does not belong to you.

Give Viaservice a reasonable time to correct the issue before making any information public.

Alter only data that you own or have permission to access.


Viaservice will not bring a copyright infringement claim under the Digital Millennium Copyright Act ("DMCA") against a researcher who circumvents security mechanism, so long as the researcher does not access any other code or binaries.