EURid Responsible Disclosure Policy

We take the security of our systems and services seriously to ensure the protection and privacy of our users and customers and the stability and availability of our services.

To facilitate, confirm and expand our appreciation of the security research community, we work with a bug bounty platform called Intigriti (www.intigriti.com). On this platform, you will find our public bug bounty program, which is open to all. We urge you to use the platform to report vulnerabilities within the scope defined by the program.

Nevertheless, if you stumble upon an issue you consider a vulnerability and do not wish to use the Intigriti platform, you are still encouraged to report the problem directly to us. Please understand that the scope and guidelines described on the Intigriti platform also apply on this website. No rewards are given for direct reports.

Our public bounty program can be found at the following location: https://www.intigriti.com/public/project/eurid/eurid. 

How to report a security vulnerability?

If you believe that you have found a security vulnerability in one of our services or platforms and do not wish to use the bug bounty platform, please send us a report, including a reproducible Proof of Concept of the exploit, by encrypted email to security [dot] office [at] eurid [dot] eu. Alternatively, you can use our secure transfer platform https://cs.eurid.eu.

Please include the following details alongside your report:

•    Description of the location and potential impact of the vulnerability;
•    A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us); and
•    How to contact you.

View our PGP key for Responsible Disclosure.