FBK Responsible Disclosure

FBK Responsible Disclosure

These Responsible Disclosure Guidelines offer direction for identifying and submitting information regarding potential vulnerabilities to FBK and apply only to disclosure of potential vulnerabilities affecting systems owned or controlled by FBK. Reporting parties must submit their information at abuse@fbk.eu .

Your report must include the following information:

  • Contact email address

  • Vulnerability description

  • Vulnerability locations

  • Validation steps

  • Recommended fix

  • Assumed impact

FBK, being a public body that uses public money, does not provide compensation in exchange for information pertaining to security vulnerabilities under this Responsible Disclosure Program but will insert the reporters in the web page “Security Researchers Helping Keep FBK Safe” and, upon request, will provide a letter of recommendation acknowledging his contribution.

FBK may choose not to pursue, contact, or otherwise interact with reporters who decline to identify themselves when making the report. FBK will deal in good faith with reporting parties who comply with these Responsible Disclosure Guidelines.

For parties who conduct security research and vulnerability disclosure activities in accordance with these Responsible Disclosure Guidelines, FBK will not initiate or recommend any law enforcement or civil lawsuits related to such activities.

Activities conducted under these Responsible Disclosure Guidelines must be limited exclusively to the following:

  • Testing to detect a potential vulnerability or to identify an indicator related to a potential vulnerability; or

  • Sharing information with FBK, or receiving information from FBK, related to a potential vulnerability.

Reporting parties must allow FBK an opportunity to correct a potential vulnerability within a reasonable timeframe before publicly disclosing the identified issue, to ensure that FBK has developed and thoroughly tested the solution to such issue.

FBK reserves the right, in its sole discretion, to modify the terms of these Responsible Disclosure Guidelines or to terminate any or all of them at any time.