Responsible Disclosure

In this current time and place online privacy and security is more important than ever, 9altitudes considers the security of its users, devices, and other assets a high priority. Nevertheless, there can still occur security incidents or vulnerabilities might be present. Please follow the instructions below and be transparent.

We currently do not work with a reward system.

Found a vulnerability within our environment?

  • E-mail your findings to cds.security.management@9altitudes.com. Don’t create a ticket or share this information through our general communication channels to prevent this critical information from falling into the wrong hands.
  • Try to provide as much information as possible, so we will be able to resolve it as quickly as possible. The IP or URL of the affected system usually suffices, complex vulnerabilities may require further explanation.
  • Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
  • Do not reveal the problem to third parties until it has been resolved.
  • Do not test vulnerabilities on customers or third parties for any reason.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.


What can you expect

  • We will respond to your report within 5 business days with our evaluation of the report and expected resolution date.
  • We will handle your report with strict confidentiality, and we do not forward your personal data to third parties without your permission.
  • If you did follow the instructions mentioned here above, no legal action needs to be taken against you regarding the report, as long as you are not acting as a malicious actor.

We strive for a secure work environment for 9altitudes and our customers, thank you for helping us with your efforts!

Stay up to date!