Responsible disclosure

At LeasePlan, we consider the security of our systems a high priority. However, despite the considerable care we take regarding security, we realise that vulnerabilities can and will remain. If you do find such a vulnerability, we would appreciate being notified as soon as possible so that we can take appropriate measures to remediate it swiftly.

Please note that our responsible disclosure policy is not an invitation to actively probe our business network or internet-facing services to discover vulnerabilities. Such probes attract the attention of our security team and might trigger (costly) security investigations.

 

What we request from you

 

What we promise to do at LeasePlan Digital

What to report

Please do report:

Please do *not* report:

How should you report

Describe the issue you found as explicitly and in as much detail as possible, and provide any evidence you have. You can assume that the notification will be received by security experts such as the LeasePlan Security Team. Furthermore, send your reports in English. We encourage you to encrypt your e-mail. Please use the PGP key located at the bottom of this page.

Include the following in your disclosure e-mail:

Rewards

Please be aware that LeasePlan currently cannot offer rewards for (security) bug reports.

Privacy

For follow-up we will ask for your contact details (name, e-mail, PGP key and optionally a phone number) unless you choose to report anonymously.

Your personal information is only used to approach you and undertake actions with regard to your reported vulnerability. We will not distribute your personal information to third parties without your permission, unless the law requires us to provide your personal information or an external organisation takes over the investigation of your reported vulnerability. In this case we will ensure that the applicable authority treats your personal information confidentially. We will remain responsible for your personal information.

Email your findings

Please encrypt your findings using our PGP key to prevent sensitive information from falling into the wrong hands.

Email us