Haubot
Logo
  • 资产
    • 按类别
    • 建筑与重型机械
    • 运输与物流
    • 农业与林业
    • 工业与物料搬运
    • 航空与地面设备
    • 海事与专业设备
    • 能源与发电
    • 石油与天然气
    • 国防与公共资产
    • 热门品牌
  • 拍卖
  • Trade Hub
  • 业务
    • 解决方案
    • 物流
    • SecureTrade
    • 检验
    • 融资
    • 零部件
    • 关于我们
    • 发展历程
    • 未来
    • 成为合作伙伴
  • 资讯
  • 帮助中心
Network登录注册

Security & Vulnerability Disclosure

Machine-readable contact: /.well-known/security.txt

Haubot International B.V. takes the security of its platform and its users seriously. If you believe you have found a security vulnerability in any Haubot service, we welcome your report and will work with you to verify and remediate it. This page describes how to reach us, what is in scope, and the rules we ask researchers to follow.

How to report


Email [email protected]. To help us triage quickly, please include:

  • A clear description of the issue and its potential impact.
  • Step-by-step instructions to reproduce it, including the affected URL, endpoint, or page.
  • Any proof-of-concept, request/response samples, or screenshots.
  • How we can contact you for follow-up.

For sensitive details you can encrypt your report to our OpenPGP key at /.well-known/openpgp-key.txt (fingerprint 5790 9E5B 4533 287C 3313 28A8 2758 5377 4AA4 493F).

Scope


In scope: the Haubot website and web application at haubot.com and its subdomains, the Haubot API, and the official Haubot mobile apps for iOS and Android.

Out of scope:third-party services and vendors we do not operate; findings that require physical access to a user's device; social engineering of Haubot staff or users; volumetric denial-of-service (DoS/DDoS) and rate-limit/brute-force testing; spam or content-injection that has no security impact; and automated scanner output without a demonstrated, reproducible vulnerability.

Rules of engagement & safe harbor


We ask that you act in good faith and:

  • Test only against accounts and data that belong to you. Do not access, modify, or destroy other users' data.
  • Do not degrade, disrupt, or run high-volume automated traffic against production services.
  • Stop and report as soon as you have established that a vulnerability exists; do not pivot further into the system.
  • Give us a reasonable time to remediate before disclosing the issue publicly, and do not share it with third parties in the meantime.

If you make a good-faith effort to comply with this policy during your research, we will consider your testing to be authorized, we will not pursue or support legal action against you for it, and we will work with you to understand and resolve the issue quickly.

What to expect from us


  • We aim to acknowledge your report within three business days.
  • We will keep you informed as we investigate and remediate.
  • With your permission, we are happy to credit you once the issue is resolved.

资产

建筑与重型机械运输与物流农业与林业工业与物料搬运航空与地面设备海事与专业设备能源与发电石油与天然气国防与公共资产

解决方案

物流SecureTrade检验融资零部件

快速入口

拍卖Trade Hub资讯帮助中心

关于我们

发展历程未来成为合作伙伴

法律信息

卖家托管拍卖条款Haubot 托管拍卖条款商品发布条款买家条款平台服务条款使用条款隐私政策Cookie 政策

联系我们

客户支持+31 970 1026-9569

Haubot
Haubot International B.V. ©Diemerhof 42, Diemen 1112 XN, Netherlands2007 – 2026