RGF Staffing Belgium is part of global player RGF Staffing, one of the world's largest HR services providers, with activities in Australia, Asia, Europe and North America. With a focus on digital platforms, we allow our candidates & customers using selfservice solutions we provide. As an HR company, a lot of PII-data is managed internally. We want to be an example within the market to guarantee the confidentiality of our data, following the highest information security & privacy standards.
This is a responsible disclosure program without bounties.
Validation times
We will validate all submissions within the below timelines, once your submission has been verified by Intigriti.
Submissions validated outside of this may be awarded a €25 bonus.
| Vulnerability Severity | Time to validate |
|---|---|
| Exceptional | 2 Working days |
| Critical | 2 Working days |
| High | 5 Working days |
| Medium | 15 Working days |
| Low | 15 Working days |
This remains at the discretion of RGF Staffing Belgium to award.
Check our fix
We offer up to €50 bonus to verify a resolved issue for us (when requested).
This remains at the discretion of RGF Staffing Belgium to award.
Rewards
We do not offer monetary rewards for Responsible Disclosure reports, but if you report via our RGF Staffing Responsible Disclosure program on Intigriti, for all valid Medium+ reports we do offer swag as a sign of appreciation.
The only monetary reward exceptions are the specific assets listed in our Registered Bug Bounty Program on Intigriti. Please note that for the Registered Bug Bounty Program, we will only accept reports for those assets that are listed into the program scope and no other variations.
For all other assets, regardless of the reporting method, we recognize researchers who submit previously unknown vulnerabilities that result in a code or configuration change by offering a place in our Security Hall of Fame (HoF).
Duplicates
When duplicates occur, we will only accept the first report. A duplicate is a vulnerability that we are already aware of, regardless of how we first became aware of it (it could have also been discovered by us internally).
Disclosure
You are not allowed to publicly discuss or publish any vulnerability before it has been fixed and you have received explicit permission from us to do so.
The website located at https://uat-www.startpeople.be/nl/ is the User Acceptance Testing (UAT) version of Start People's official website, startpeople.be. This UAT environment is used for testing new features, updates, and configurations before they are implemented on the live production site. It allows for testing functionality, identifying potential bugs or vulnerabilities, and ensuring everything works as expected in a safe, non-public environment. This helps ensure that any changes are thoroughly vetted before going live, providing a secure and stable experience for users.
The website located at https://uat-www.brightplus.be/nl/ is the User Acceptance Testing (UAT) version of BrightPlus official website, brightplus.be. This UAT environment is used for testing new features, updates, and configurations before they are implemented on the live production site. It allows for testing functionality, identifying potential bugs or vulnerabilities, and ensuring everything works as expected in a safe, non-public environment. This helps ensure that any changes are thoroughly vetted before going live, providing a secure and stable experience for users.
The website located at https://uat-www.career.be/nl/ is the User Acceptance Testing (UAT) version of Unique Career official website, career.be. This UAT environment is used for testing new features, updates, and configurations before they are implemented on the live production site. It allows for testing functionality, identifying potential bugs or vulnerabilities, and ensuring everything works as expected in a safe, non-public environment. This helps ensure that any changes are thoroughly vetted before going live, providing a secure and stable experience for users.
This program follows Intigriti's contextual CVSS standard
related to leakage of PII, this will most likely always result in Critical or Exceptional
Exceptional
Critical
High
Medium
Low
You can self-register on the application but please don’t forget to use your @intigriti.me address.
You can self-register on the application but please don’t forget to use your @intigriti.me address.
To access the site, there is a pre-authentication
Yes, however, please note that there are functional/content releases every monday, wednesday & friday between 11-12AM Belgium time
Mails will be only sent on this UAT environment in the user creation part. When using functionality to apply for a job etc, no mails will be sent.
For obvious reasons we can only allow submissions or applications for our program with a valid Intigriti account.
It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.
