Responsible disclosure

Responsible Disclosure – Vulnerability Reporting Helpdesk at 2 Sisters Storteboom

2 Sisters Storteboom considers the security of its systems and website very important. We constantly work to improve the security of our systems, the availability of the website and the protection of our customers’ data against misuse. Despite our care for the security of our systems, vulnerabilities may occur.

Collaboration

If you are an expert in internet security and have discovered a potential vulnerability, we ask for your collaboration. If you find a vulnerability, we would like to hear about it so that we can take action as soon as possible. We would like to work with you in order to better protect our customers, suppliers, other stakeholders and our systems.

How to file a report

You can email your findings to security@2sistersstorteboom.com. Once we receive your report, we will investigate it. You will receive an initial response within two working days. After the investigation, you will be informed about the further processing of your report.

Rules of the game

During your investigation, you could commit acts that are punishable by law. If you act according to the rules for reporting vulnerabilities within our systems, 2 Sisters Storteboom has no reason to report you or file a claim for damages. Bear in mind that it is ultimately the Public Prosecutor who decides whether or not to prosecute a suspected criminal offence.

  • Do not misuse the problem, for example by downloading more data than necessary in order to prove the leak or by accessing, deleting or modifying third-party data;
  • Do not make any system changes;
  • Do not put a backdoor in an information system, not even in order to demonstrate vulnerabilities, as this may cause additional damage and create unnecessary security risks;
  • Make minimal use of a vulnerability;
  • Do not use social engineering in order to gain access to a system;
  • Do not attempt to access the system more often than necessary;
  • Do not use brute force techniques (repeatedly trying passwords) in order to gain access to the systems;
  • Do not share the problem with others until it is resolved and delete all confidential data obtained through the vulnerability immediately after resolution;
  • Secure your own system as best you can.

Your privacy

We will ask you for your personal data in order to communicate with you following the report. We will not pass on your personal data to third parties without your permission, unless there is a legal obligation to do so.

Reward

To thank you for your help, we offer a reward for any security issue reported that is not already known to us. We establish the amount of the reward based on the seriousness of the leak and the quality of the report. 2 Sisters Storteboom decides whether you, as the reporter, are eligible for a reward.

Dutch National Cyber Security Centre

These regulations are based on the Guidelines Towards Responsible Disclosure as drawn up by the Dutch National Cyber Security Centre of the Ministry of Security and Justice.

Putten, July 2022