Security Vulnerability Disclosure Program

1. Responsible Disclosure Policy

We encourage security researchers to responsibly disclose vulnerabilities through coordinated disclosure. We commit to:

No legal action against good-faith researchers
Prompt investigation of valid reports (within 72 hours)
Public acknowledgment of your contribution (with permission)
Non-pursuit of civil or criminal claims under UK Computer Misuse Act 1990

2. Reporting Procedure

Immediate Steps:

Encrypt vulnerability details using our PGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
[YOUR PUBLIC KEY HERE]
-----END PGP PUBLIC KEY BLOCK-----

Email encrypted report to: security@reinierverplancke.shop
Include proof-of-concept code and impact analysis

Do NOT:

Access/modify user data without explicit consent
Disrupt production systems (DDoS, brute-force attacks)
Publicly disclose before we patch the vulnerability

3. Eligible Vulnerabilities

In-Scope Systems:

reinierverplancke.shop domain and subdomains
Payment processing infrastructure
Customer databases (anonymized testing only)

Priority Vulnerabilities:

SQL Injection
Cross-Site Scripting (XSS)
Authentication bypass
Remote Code Execution
Payment system compromises

4. Out-of-Scope Vulnerabilities

We do NOT accept reports for:

SPF/DMARC misconfigurations
CSRF with minimal impact
Clickjacking without proof of exploitability
Denial-of-service vulnerabilities
Physical security testing

5. Response Timeline

0-24h: Automated acknowledgement

72h: Initial assessment completion

7d: Patch development status update

30d: Target resolution date

90d: Public disclosure (coordinated)

6. Data Handling Requirements

Under UK GDPR and Data Protection Act 2018:

Minimize exposure of personal data during testing
Delete all extracted data after verification
Report accidental personal data breaches immediately
We will notify ICO within 72h if breach occurs

7. Legal Protections

This program operates under UK law with protections:

Exemption from Computer Misuse Act 1990 prosecution
No civil litigation for good-faith research
Safe harbor extends only to authorized testing

Exclusions:

Malicious destruction of data
Financial gain from vulnerabilities
Testing third-party integrations

8. Recognition

For valid vulnerabilities:

Hall of Fame listing (with consent)
Written acknowledgment letter
Non-monetary appreciation tokens

Note: We do not operate a bug bounty program at this time

9. Incident Response

For active security incidents:

Critical Threats: +44 785 5632-8945 (24/7)
Data Breaches: dpo@reinierverplancke.shop
ICO Reporting: https://ico.org.uk/make-a-report

10. Policy Governance

Managed according to:

NCSC Vulnerability Disclosure Guidance
ISO/IEC 29147:2018 Standards
UK Cyber Essentials Framework

Quarterly reviews conducted by external auditors.

Advanced Variable products with swatches

Security Vulnerability Disclosure Program

1. Responsible Disclosure Policy

2. Reporting Procedure

3. Eligible Vulnerabilities

4. Out-of-Scope Vulnerabilities

5. Response Timeline

6. Data Handling Requirements

7. Legal Protections

8. Recognition

9. Incident Response

10. Policy Governance

Hey you, sign up and connect to Woodmart!

Reinier Verplancke offers premium design solutions with a focus on sustainable innovation. Our team delivers exceptional craftsmanship tailored to your unique vision.

HEY YOU, SIGN UP AND CONNECT TO WOODMART!

Advanced Variable products with swatches

Security Issue Reporting Policy

Security Vulnerability Disclosure Program

1. Responsible Disclosure Policy

2. Reporting Procedure

3. Eligible Vulnerabilities

4. Out-of-Scope Vulnerabilities

5. Response Timeline

6. Data Handling Requirements

7. Legal Protections

8. Recognition

9. Incident Response

10. Policy Governance

Hey you, sign up and connect to Woodmart!

HEY YOU, SIGN UP AND CONNECT TO WOODMART!