Facebook-f Youtube X-twitter Instagram

Security Policy

  1. Home
  2. Security Policy

Responsible Vulnerability Disclosure
Navigazione Libera del Golfo S.p.A. is committed to ensuring the security and integrity of its digital services and infrastructure.
We welcome responsible reports of potential security vulnerabilities that may affect our websites, applications or systems, as long as such reports comply with the guidelines below.

Scope of application
This policy applies to:
Publicly accessible websites and web applications managed by Navigazione Libera del Golfo S.p.A.
Online services owned and under the direct control of the Company
The policy Not applies to:
Third party services not directly controlled
Denial of Service (DoS/DDoS) type testing
Social engineering, phishing, or physical security testing activities

Responsible reporting guidelines
If a potential vulnerability is identified, you are asked to:
Do not exploit the vulnerability beyond what is strictly necessary to verify its existence
Do not access, modify, delete or exfiltrate data
Do not interrupt or degrade the services
Please do not publicly disclose your report prior to our evaluation
Provide sufficient technical detail to allow analysis
Reporting should include, where possible:
Clear description of the problem
URLs or systems involved
Playback steps
Possible Proof of Concept

Reporting methods
Security reports can be sent to:
ufficioced@nlg.it
Recommended item: Security Vulnerability Report
All reports will be evaluated by our technical team as part of internal security processes.

Bug Bounty and rewards
Navigazione Libera del Golfo S.p.A. does not have any bug bounty program, public or private.
Sending a report does not give the right to any financial compensation, reward or bounty, regardless of the validity or severity of the reported vulnerability.

Legal safe harbor
If the report is made in good faith and in compliance with this policy, the Company will not take legal action against the reporter.
This protection does not apply to:
Malicious or malicious activity
Vulnerability exploitation beyond simple verification
Extortion attempts or requests for compensation

Thanks
We thank the cybersecurity community for their contributions to improving the security of digital systems.

Last update: January 2026

NLG
Agency area

Access to accredited
agencies

THE NEW ONLINE B2B PORTAL IS NOW ACTIVE!
AGENCIES REGISTERED BEFORE 2021 MUST REQUEST THE NEW CODES BY SENDING AN EMAIL TO customercare@nlg.it .
Are you already a registered agency?
To purchase, click the button below.
ADV AREA
Not registered?
REGISTER
Agency area

Access to accredited
agencies

THE NEW ONLINE B2B PORTAL IS NOW ACTIVE!
AGENCIES REGISTERED BEFORE 2021 MUST REQUEST THE NEW CODES BY SENDING AN EMAIL TO customercare@nlg.it .
Are you already a registered agency?
To purchase, click the button below.
ADV AREA
Not registered?
REGISTER