We strive for perfection – and your help is welcome
Operating an electronic identity platform is all about trust. We have built a strong and robust architecture that is approved according to the high security standards of DIGG – Sweden´s agency for digital government and keeping our users and relying parties secure within our system is fundamental for our existence.
And even though we save no effort on building and maintaining our security measures, a complex service in an even more complex world is constantly exposed to unexpected situations. Errors can also occur despite thorough testing and rock solid policies. Therefore we would ask for your help in the event of you finding anything that might constitute a threat or malfunction.
How can you help?
If you have found anything you would like to report, please send an e-mail to [email protected] and, if possible, please encrypt the information with our public PGP key (Fingerprint: 3C25 6874 EB96 A3C2 9B4E D8F2 C575 5F1B 4F4E F5AB). We also ask you to please include the following information:
- A description of the issue you have found and screenshot, if possible
- Reference to where you found it, i.e URL.
- Information that might help us reproduce the issue
- How we can get in touch with you: Name, email, mobile, and your PGP key, if you have one. You may, of course, contact us anonymously but be aware that in such a case we cannot give you any updates.
What kind of information should you report?
In this matter we are asking for information related to security flaws in our service. If your findings regard content errors or issues that are not related to security we would, of course, also like to hear about them. In that case please send an email to [email protected].
How shall you manage the information?
For the security of the service and for our users we ask you not to access, remove or modify any kind of information. We appreciate your help and even though we don’t have a pre-definied bounty program, we will of course show our appreciation in some form!