Responsible Disclosure Policy

At Dragon1 Inc. we consider the security of our systems very important. Despite our concern for the security of systems, it is possible that there is a weak spot.

If you have found a weak spot in one of our systems, we would like to hear about it so that we can take measures as quickly as possible. We would like to work together to better protect our users and our systems.

Our Responsible Disclosure policy is NOT AN INVITATION to actively scan our corporate network extensively to discover naked spots. We monitor our company network. There is a good chance that a scan will be picked up and that our CERT (Computer Emergency Response Team) will investigate the genesis and potentially incur unnecessary costs.

There is a chance that during your investigation you will start execution according to the criminal process. If you comply with the conditions below, we will not take legal action against you regarding the report. The Public Prosecution Service in the Netherlands always has the right to decide whether you are prosecuted. The Public Prosecution Service has published this.

We ask you:

  • Email the weak spot as soon as possible to ciso@dragon1.com. Encrypt your next one with our PGP key https://www.dragon1.com/public_key.zip to prevent the information from falling into created hands.
  • Not to abuse the weakness by, for example, downloading more data than is necessary to demonstrate the leak by changing the deletion of data and by exercising extra restraint with personal data.
  • Not sharing the weakness with others until it is resolved. Not to use automated security attacks from third-party applications, social engineering, distributed denial-of-service, or spam.
  • Provide enough information to reproduce the weakness so that we can fix it as quickly as possible. When implemented, the IP address of the URL of the affected system, a description of the vulnerability and the actions taken is sufficient, but more complex vulnerabilities may require more.

What we promise:

  • We will respond to your report within 3 working days with our assessment of the report and a result for a solution.
  • We will handle your report and will not share your personal information with third parties without your permission unless this is necessary to reach an agreement.
  • We will keep you informed of the progress of fixing the weakness.
  • Anonymous or pseudonymous reporting is possible. It is good to know that this is good that we can then not contact you about, for example, the next steps, the progress of closing the leak, or publication of the next coming before the report.

It is our policy not to award rewards when reporting weak spots.

We strive to resolve all issues as quickly as possible, keep all parties informed, and we are happy to be involved in a publication about the vulnerability when it has been resolved.

Our policies are licensed under a Creative Commons Attribution 3.0 license. The policy is based on the example policy of Floor Terra (ResponsibleDisclosure.nl)

Architecting Solutions

DEMO: Concept Mapping Software

How to generate diagrams using Excel on Dragon1 EA Tool

Learn to generate diagrams using repositories
DEMO: BPMN Onboarding Process Example

DEMO: BPMN Onboarding Process Diagram - Measure Rules Compliance

Manufacturing, Financial Solutions
DEMO: Enterprise Architecture Blueprint Template

DEMO: Generate an Enterprise Architecture Blueprint to discover and solve RISK

Banking, Logistics, Healthcare
DEMO: Data Mapping Software

DEMO: Generate Application Landscape for SECURITY

Automotive, Financial Services, Health Care
DEMO: Strategy Mapping Software

DEMO: Generate Strategy Map for CLOUD ADOPTION

Government, Logistics, Banking
DEMO: Process Application Map

DEMO: Generate Process Application Landscape for RPA

Retail, Agriculture, Oil & Gas