Responsible Disclosure & Security Policy

This is an automatic translation. The Dutch version is legally binding.

Version 1.0

24werk.com attaches great importance to the security of its systems, users and personal data. Despite the care devoted to security, it may happen that a vulnerability is discovered. With this Responsible Disclosure & Security Policy, 24werk.com offers security researchers, users and other parties involved the possibility to report vulnerabilities in a responsible manner. The purpose of this policy is to improve the security of the platform and to protect candidates, employers and other users.

Article 1 – Purpose of this policy

  1. The purpose of this policy is to identify and resolve security problems in a responsible manner.
  2. 24werk.com encourages the reporting of vulnerabilities.
  3. Reporters who act in good faith need not fear legal action because of their report, provided this policy is fully complied with.

Article 2 – Scope

This policy applies to:

  • the website 24werk.com
  • subdomains of 24werk.com
  • web applications of 24werk.com
  • APIs of 24werk.com
  • systems owned or managed by 24werk.com

This policy does not apply to third-party systems that are not under the control of 24werk.com.

Article 3 – Reports of vulnerabilities

A report may relate, among other things, to:

  • unauthorised access
  • privilege escalation
  • authentication problems
  • authorisation problems
  • data breaches
  • SQL injections
  • Cross-Site Scripting (XSS)
  • Remote Code Execution (RCE)
  • CSRF vulnerabilities
  • configuration errors
  • information leaks
  • security flaws in APIs
  • other vulnerabilities that may affect confidentiality, integrity or availability

Article 4 – Responsible conduct

Reporters are expected to:

  • act carefully
  • not misuse the vulnerability
  • not copy or distribute data
  • not delete or modify data
  • not take over accounts
  • not disrupt systems
  • not place malware
  • not install backdoors
  • not apply social engineering

The purpose of the research must solely be to establish and report the vulnerability.

Article 5 – What is not permitted

It is not permitted to:

  • download personal data
  • export candidate data
  • export employer data
  • disrupt systems
  • carry out denial-of-service attacks
  • carry out brute-force attacks
  • carry out phishing
  • take over accounts
  • publicly disclose vulnerabilities before they are resolved

Article 6 – Content of a report

A report preferably contains:

  • name of the reporter
  • contact details
  • date of discovery
  • technical description
  • impact analysis
  • reproducible steps
  • screenshots if relevant
  • a proposed solution, if any

The more complete the report, the faster it can be investigated.

Article 7 – Handling of reports

  1. 24werk.com will assess reports as soon as possible.
  2. If necessary, additional information may be requested.
  3. 24werk.com independently determines the priority of a report.
  4. 24werk.com may decide to mitigate a vulnerability immediately, temporarily shield it or resolve it definitively.

Article 8 – Confidentiality

  1. Reports are treated confidentially.
  2. The reporter will not disclose information about the vulnerability until:

    • the vulnerability has been resolved; or
    • written permission has been granted by 24werk.com

  3. 24werk.com also treats received information confidentially insofar as this is reasonably possible.

Article 9 – No reward programme

  1. 24werk.com currently does not operate a bug bounty programme.
  2. Reporting vulnerabilities gives no right to:

    • financial compensation
    • reward
    • compensation
    • contractual relationship

  3. 24werk.com may, at its own discretion, decide to thank or acknowledge a reporter.

Article 10 – Security measures

24werk.com strives for an appropriate level of security and may use, among other things:

  • encrypted connections
  • access control
  • logging
  • monitoring
  • authentication mechanisms
  • security updates
  • backup provisions
  • fraud detection
  • security scans

24werk.com does not guarantee that systems are entirely free of vulnerabilities.

Article 11 – Data breaches

  1. If a vulnerability may have led to a data breach, 24werk.com will assess the situation in accordance with applicable privacy legislation.
  2. If legally required, data subjects or supervisory authorities may be informed.
  3. 24werk.com independently determines whether there is a reportable data breach.

Article 12 – Liability

  1. Reporting a vulnerability creates no contractual relationship between the reporter and 24werk.com.
  2. 24werk.com accepts no liability for costs incurred by a reporter in carrying out research.
  3. Insofar as permitted by law, all liability is excluded.

Article 13 – Relationship with other documents

This policy should be read in conjunction with:

  • the Terms and Conditions
  • the Employer Terms
  • the Candidate Terms
  • the Delivery Terms
  • the Privacy Statement
  • the Cookie Statement
  • the Disclaimer
  • the Anti-discrimination Policy
  • the Notice & Takedown Procedure
  • the Complaints Procedure

Article 14 – Changes

  1. 24werk.com reserves the right to amend this policy.
  2. The most current version is published on the platform.
  3. Continued use of the platform counts as taking note of amended versions.

Article 15 – Contact

Vulnerabilities can be reported via 24werk.com, by email to info@24werk.com. Reports must contain sufficient information to be able to reproduce and assess the vulnerability. This Responsible Disclosure & Security Policy takes effect on the date of publication on the platform.
