Op zondag 21 juli zijn al onze winkels gesloten, behalve Torfs Oostende en Blankenberge


Je hebt nog geen favoriete winkel

Alle winkels
nl Nederlands fr français


Veelgestelde vragen

Bij Torfs L nv beschouwen wij de veiligheid en continuïteit van onze online services als één van onze topprioriteiten. Onze specialisten werken voortdurend aan het optimaliseren van onze processen en systemen, maar ondanks alle inspanningen die we leveren om onze systemen te beveiligen, kunnen kleine kwetsbaarheden steeds aanwezig zijn. Daarom werken wij samen met een ethical hacking platform.

Torfs L nv Responsible Disclosure Statement

Responsible Disclosure Statement

We investigate all reports of security vulnerabilities affecting our web presence. If you are a security researcher and you believe you have found a security vulnerability, please help us by reporting it so that we can work together to improve the safety and reliability of our systems.

You can report vulnerabilities by joining the Intigriti bug bounty program and registering as a researcher: www.intigriti.com

Intigriti is a crowdsourced security platform where security researchers and companies meet. As an ethical hacking and bug bounty platform, Intigriti aims to identify and tackle vulnerabilities in a cost efficient way. The platform facilitates online security testing through collaborating with experienced researchers.

Can I be rewarded for my report?

As an Intigriti researcher, you can earn good money. If you are willing to go public with your responsible hacking activities, you can receive financial rewards. Intigriti pays out rewards for every bug you manage to find and submit as the first researcher. Please be aware, Intigriti does not accept registrations from anonymous researchers.

With Our Thanks

If your vulnerability report is valid and you would like to be recognised for your contribution, we will gladly add you to our “Torfs L nv InfoSec Hall of Fame”, by name or anonymously. Rest assured, we will only add you to our “Hall of Fame” if you explicitly request this.

Can I Report A Vulnerability Anonymously?

If you prefer not to provide your name and contact details, you can report a vulnerability directly to Torfs L nv. However, you should consider that without this information we will be unable to discuss the next steps with you, or add you to our “Hall of Fame”.

To report a vulnerability directly to us, please send an e-mail to our security team: team.systeembeheer@torfs.be.

Our specialists will read your report and start working on it right away.

Please ensure that your e-mail is clear and succinct. In particular, please include the following information:

  • Description of the discovered vulnerability or risk
  • Evidence of the finding (e.g. Proof of Concept, video, screenshot, etc.)
  • The steps you undertook
  • The entire URL
  • Objects possibly involved
Examples of vulnerabilities could be:

  • Cross-site scripting (XSS) vulnerabilities
  • SQL injection vulnerabilities
  • Remote Code execution
  • Authentication bypass
  • Encryption vulnerabilities
Vulnerability Testing Rules

To ensure that your testing remains lawful, refrain from using invasive or destructive techniques. Always adhere to these rules:

  • Do not disrupt our online services.
  • Do not use techniques that can influence the availability of our online services.
  • Do not make any changes to the system.
  • Do not modify or delete any data in the system.
  • In case your finding requires a copy of the data from the system, do not copy more than your investigation requires. If one record is sufficient, do not copy more.
  • Do not make any customer or business data public.
  • Do not create a backdoor in any system.
  • Do not attempt to penetrate the system more than required. In case you successfully penetrate the system, do not share gained access with others.
  • Do not use any brute force techniques (e.g. repeatedly entering passwords) in order to gain access to the system.
  • Do not use social engineering in order to gain access to our IT systems.
Vulnerability Reporting Guidelines

To ensure the best outcome, please follow these guidelines:

  • Create your report in Dutch, French, or English. Reports in other languages will not be processed.
  • Give us enough details to enable us to reproduce the vulnerability.
  • Allow us a reasonable amount of time to fix the vulnerability before making any information public.
  • Consult with us before making any information public.
  • Do not ask Torfs L nv to compensate you for your report.
Our Vulnerability Reporting Commitment

You can expect the following commitments from us:

  • We will let you know that we received your report.
  • We will give you an estimate of how long the fix will take.
  • We will tell you when we have fixed the vulnerability.
Your Privacy

Your personal information will only be used to approach you regarding your vulnerability report. We will not distribute your personal information to third parties without your permission. Should the law require us to provide your personal information to an authority we will ensure that the applicable authority treats your personal information confidentially. We will remain responsible for your personal information.

Thank you for your support. Information Security Team – Torfs L nv

Last update: January 2020