Coordinated Vulnerability Disclosure - Responsible Disclosure

You can report all findings regarding the security of DHB Bank’s online services, as soon as discovered. Potential vulnerabilities might relate to:

• Remote Code Execution
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• SQL Injection
• Encryption vulnerabilities
• Bypassing authentication or unauthorized access to data

• Comments on the quality of services that DHB Bank provides
  (Above can be reported at info@dhbbank.com)
• Comments or questions about the accessibility of the bank’s services
  (Above can be reported at info@dhbbank.com)
• Fraud or potential fraud
  (Above can be reported at klachten@dhbbank.com)
• Reporting viruses and / or malware
  (Can be reported at report-phish@dhbbank.com)
• Potentially false or so-called phishing emails
  (Can be reported at report-phish@dhbbank.com)

How to report a weakness
Weaknesses can be reported by email to Responsible-Disclosure@dhbbank.com. Please use our secure file transfer service to send your report securely & directly to the above mentioned email address so that it is not intercepted by cyber criminals. The report should state concisely & clearly the observed weakness(es).
We will investigate & take appropriate action immediately.

Handling Report
Our security team will investigate the report and will contact you within five working days to discuss the weakness, how vulnerability was discovered and follow-up action.

Privacy
Your personal details will only be used to take action based on your report and communicate back. Personal details will not be shared outside DHB Bank without your explicit permission unless required to do so by law.

To know more about rules of engagement, please click here.