Responsible Disclosure
How to report a security vulnerability to NextSDS
We welcome reports from security researchers and the wider community. If you believe you have found a security vulnerability in a NextSDS product or service, please tell us so we can fix it.
How to report
- Email security@nextsds.be with a description of the issue and steps to reproduce.
- Our machine-readable contact details are published at /.well-known/security.txt.
What we ask
- Give us reasonable time to investigate and remediate before any public disclosure.
- Do not access, modify, or delete data that is not yours, and do not degrade our service (no denial-of-service, spam, or social engineering).
- Act in good faith and within the law.
What you can expect
- We will acknowledge your report, keep you updated on our assessment, and let you know when the issue is resolved.
- We do not currently operate a paid bug-bounty programme, but we are happy to credit reporters who wish to be acknowledged.
Scope
NextSDS production products and services and their supporting infrastructure. Vulnerabilities in third-party platforms we rely on (listed in our Subprocessor Register) should be reported to the respective provider.