Vulnerability Disclosure Policy

At S7orS, we care about the security of our website, webshop, customers and systems. We appreciate the work of security researchers and others who responsibly report potential vulnerabilities to us.

We are a small independent webshop, so we do not have a formal bug bounty programme and we are not able to offer rewards, payments or bounties for reports. However, we do value responsible reports and will do our best to respond appropriately.

Reporting a vulnerability

If you believe you have found a security vulnerability on our website or related systems, please contact us at:

webmaster@s7ors.nl

Please include enough information for us to understand and reproduce the issue, such as:

  • The affected URL or system
  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Any relevant screenshots, logs or proof-of-concept details
  • Your contact details, if you would like a response

Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and resolve it.

Responsible research

When researching or reporting a vulnerability, please act responsibly and minimise any potential damage. In particular, please:

  • Do not access, modify, delete or copy data that does not belong to you
  • Do not use customer, order, account or personal data for any purpose
  • Do not attempt to gain persistence or maintain access
  • Do not perform denial-of-service attacks or other actions that could disrupt our webshop
  • Do not use automated high-volume scanning that may affect availability
  • Do not use social engineering, phishing, spam or physical attacks
  • Stop testing as soon as you have confirmed the vulnerability
  • Report the issue to us as soon as reasonably possible

If you accidentally access personal data or confidential information, please stop immediately, do not save or share the data, and include this in your report so we can assess the situation.

Our approach

If you follow this policy and act in good faith, we will not pursue legal action against you for reporting the vulnerability to us.

We will try to acknowledge your report within a reasonable time and investigate it based on severity, impact and available resources. As a small webshop, our response times may vary, but we take genuine security issues seriously.

We may contact you for additional information if needed. Once the issue has been resolved, we are happy to credit you publicly if you would like, unless you prefer to remain anonymous.

No bounty programme

S7orS does not operate a paid vulnerability reward or bug bounty programme. Submitting a report does not create any expectation of payment, reward, gift or compensation.

We are grateful for responsible reports, but we cannot provide financial rewards.

Scope

This policy applies to the website and webshop operated at:

Homepage

Any third-party services, payment providers, shipping providers, social media platforms or external systems linked from our website are outside the scope of this policy. Please report vulnerabilities in those systems directly to the relevant provider.

Thank you

Thank you for helping us keep S7orS safe for our customers and visitors.