Please contact us right away if you have found any security weaknesses on Brico.be. All valid reports will be taken seriously, and we will work to fix any verified issues as soon as possible.

SECTION 1 – CORE PRINCIPLES

Brico will not pursue legal action or an investigation against you if you submit vulnerability reports according to the guidelines below:

  1. Allow Reasonable Time: Give us enough time to investigate and fix the issue before public disclosure.
  2. Respect User Privacy: Do not retrieve or modify any personal data from other users’ accounts.
  3. Act in Good Faith: Avoid service interruptions, data destruction, or disruption to others.
  4. Do Not Exploit: Do not use the vulnerability to access sensitive data or escalate risk.
  5. Follow Applicable Laws: Your actions must comply with all legal regulations.

SECTION 2 – BOUNTY PROGRAM

Brico appreciates the efforts of ethical security researchers. At our sole discretion, we may provide monetary rewards for valid and relevant vulnerability disclosures based on severity and potential risk. To qualify, you must comply with our core principles and report a valid security bug that poses a real risk to our systems.

SECTION 3 – NON-ELIGIBLE SUBMISSIONS

The following issues do not qualify for bounties: Spam, social engineering, phishing reports, missing SPF/DMARC records, Clickjacking on non-sensitive pages, and Denial-of-Service (DoS) attacks.

How to Submit a Report

When reporting a vulnerability, please provide reproduction steps, potential impact, and any relevant screenshots or code snippets via our contact email.

Still Need Help?

Email us at: contact@brico.be

Visit us: Avenue Alfons Gossetlaan 46, 1702 Groot-Bijgaarden, Belgium