Responsible Disclosure

Skandia’s priority is the safety of our customers’ information. As a part of our coordinated security efforts we encourage and value input from the security community through our responsible disclosure program. If someone has discovered a vulnerability in one of our systems, then we would encourage them to contact us immediately so that we can address the problem promptly. The following information explains our responsible disclosure policy.

How to Contact Us

You can find our contact details and encryption keys via our security.txt. We would appreciate the following information in the report:

• Detailed description of the vulnerability with details on the web site or URL where it was found, the vulnerability type and any other information we might need to reproduce the problem. This will help us confirm and deal with the issue quickly and effectively.
• If applicable and possible, screenshots of the problem would be useful.
• If you wish to report the issue anonymously, please state this in your communication, and we will not contact you or retain your personal information.
• If you do not wish to be anonymous include your contact information (name, email address, telephone number and your pgp-key) with any additional information on communication preferences.

Scope

This responsible disclosure program applies to the following domains:

• *.skandia.se

Other Rules of Engagement

In the best interest of our customers we suggest the following:

• You do not engage in physical security techniques.
• You do not engage in social engineering.
• Do not attempt denial of service attacks, mass posting or other volumetric attacks.
• Do not use techniques that might affect the availability or performance of our services.
• You do not modify or remove or damage information in our systems.