Bug Bounty Programs

The purpose of this website is to publish general information about bpost and its subsidiaries and their respective activities.

Our Online Enrollment for Students Application allows students to apply for educational programs at the university or university colleges. Each year, approximately 40,000 applicants enter their personal information and educational preferences through this platform. As with all of our systems, we strive to maintain a secure and seamless experience. We invite researchers to challenge the security of our Online Enrollment for Students Program by identifying and reporting any vulnerabilities they may find. Your contributions help us protect the sensitive information of our applicants and ensure the integrity of the enrollment process.

Torfs - the well-known shoe retailer in Belgium - is still a 100% family business today. This family character guarantees a number of important values within the company where employees are central. A head office in Sint-Niklaas and a spectacular distribution center in Temse offer support to the points of sale and customers of the E-Commerce website. With more than 80 stores in Flanders, 2 shops in the French part of Belgium and a growing online shop in Belgium, The Netherlands and several marketplaces, Torfs wants to be and remain the most customer-friendly optichannel shoe store chain.

Tomorrowland is one of the most-loved and best-known music festivals on the planet. Because of this Tomorrowland usually sells out in minutes and manages a large fanbase. Tomorrowland also innovates by providing its visitors cashless onsite payments and a wide range of online services. This has increased Tomorrowland's digital footprint. We value all help we can get securing this digital footprint.

Venly is a blockchain technology company providing developer-friendly solutions to help businesses seamlessly integrate Web3 capabilities into their applications. Our mission is to make blockchain accessible for everyone by offering secure, scalable, and easy-to-use tools for developers, enterprises, and end users. With a strong focus on user experience, security, and innovation, Venly delivers a suite of blockchain infrastructure solutions, including: * Venly Wallet – A secure, multi-chain digital wallet solution with a user-friendly UI and developer API for seamless blockchain asset management. * Venly NFT Tools – A complete NFT suite enabling brands and game developers to integrate digital collectibles effortlessly. * Venly Onboarding Solutions – Secure authentication and blockchain identity solutions that simplify Web3 adoption. Venly’s enterprise-grade security and compliance standards ensure businesses can safely leverage blockchain technology while maintaining top-level security and regulatory alignment. Our tools are trusted by global brands, gaming studios, and financial institutions to power next-generation decentralized applications. This program focuses primarily on Venly Wallet UI and Wallet API, which provide secure and accessible blockchain wallet solutions for businesses and users worldwide.

De Volkskrant is a Dutch daily morning newspaper. Founded in 1919, it has a nationwide circulation of about 250,000 papers per day.

EURid vzw is the registry operator of the .eu, .ею (Cyrillic script) and .ευ (Greek script) country code top-level domains (ccTLD) upon the appointment of the European Commission since 2003. As the registry operator, our biggest concern and priority is the stability and security of the .eu namespace. We also develop and maintain YADIFA since 2012, a lightweight authoritative Name Server with DNSSEC capabilities.

Delen Private Bank is a family-based specialist in asset management, focused on wealth preservation, growth and careful planning. Our core values - entrepreneurship, personal service and long-term vision – inspire us to apply a proactive yet prudent investment philosophy. Honest, no-nonsense products and services help our clients to enjoy the good and beautiful things in life – both today and tomorrow.

Tweakers is a Dutch technology website featuring news and information about hardware, software and the Internet. We take security very serious as many of our users use our site as a trusted source. Therefore we have decided to collaborate with ethical hackers that can inform us about potential vulnerabilities in our systems. If you happen to find a vulnerability we'd be more than happy to hear about it and, if its impact is significant enough, award you a bounty as token of appreciation.

At intigriti, we practice what we preach. We’ve built the platform with the greatest care and attention for security, but all software contains bugs and we are no exception to this rule. We encourage you to responsibly disclose any security vulnerabilities you may encounter and we will reward you accordingly.

The national project “eHealth Hubs & MetaHub” coordinated by the eHealth platform is meant to make medical results from hospitals (and in the near future medical laboratories) available to any caregiver who currently is treating the patient . For detailed information see https://www.ehealth.fgov.be/nl/zorgverleners/online-diensten/hubs-metahub and the URL in the next paragraph. This system supplements the traditional system of addressed ‘email type’ communication to individual referrers. Before medical data about a patient can be shared, that patient has to grant the ‘eHealth informed consent’ (see http://www.patientconsent.be ). Further, care providers declare a therapeutic relationship with the patient. Communication between the hubs and between external physicians and a hub is according to the KMEHR standard: https://www.ehealth.fgov.be/standards/kmehr/content/page/web-services The scope of this project is confined to the hub exploited by VZNKUL (Vlaams Ziekenhuis Netwerk KU Leuven) implementation of this hub system. The central metahub hub from the Belgian government, the other hubs, and the systems at other partners of this project are out of scope.

The application that coordinates the sending of the traffic fines document to the citizens and the reconciliation of the payments.

The Suivo Web Platform provides access to Tracking data from vehicles equiped with Suivo hardware. The platform is built around 4 components: - Real-time Tracking data - Analytics based on historical Tracking data, both in a web view en generated reports - Communication: tasks and messages - Fleet management (Maintenance planning etc.)

This website is used to provide patient access to their radiology images (PACS). Patients logon with their date of birth, and a unique code provided to them by the physician. This code provides access to one study.

Our website is a way to inform and inspire customers about the latest and brightest. It allows to: • Get up to date information about the movies and events we offer; • Choose your favorite movie theater, pick a date and time; • Buy tickets and enhance your experience by choosing for ‘cozy seat’ instead of our normal seats. Just in case you want to have a ‘cozy night’ with your significant other! Cry of laughter or maybe some scary movies are your favorite ones. Via a My Kinepolis account we target movies and unique promotions based on your preferences. While researching our website you can already explore our schedule and plan your next trip to one of our movie theaters. We are ready to be challenged!

Website + Android Apps + iOS Apps Android Apps KWS Companion The application is only to be used by doctors and no logon information will be given. mynexuz CPV The application is only to be used by personnel of UZ Leuven responsible for transport of patients and no logon information will be given. mynexuzhealth app This application is intended to be used by patients in order to consult their private data, their doctors & appointments and more. Login: see below. iOS Apps KWS Companion The application is only to be used by doctors and no logon information will be given. Website mynexuzhealth website This website is intended to be used by patients in order to consult their private data, their doctors & appointments and more. Login: see below. In order to be able to logon to the mynexuzhealth website and app, an ethical hacker will need to request one or more logon credentials via the platform. You can request this information via support (support@intigriti.be). The information they will receive is - A user ID of 8 numbers - A PIN code of 4 numbers - A QRCode