Report a vulnerability: Guideline supports organisations with their CVD policy
Products and services
Coordinatie & ondersteuning
Directe toegang
The aim of Coordinated Vulnerability Disclosure (CVD) is to improve the security of IT systems by sharing knowledge about vulnerabilities. Owners of IT systems can then mitigate vulnerabilities before these will be actively abused by third parties.
Please find below the form in English to submit a CVD report.
These guidelines are a revision of the guideline Responsible Disclosure.
In this revised guideline there is a special attention for the human factor in a successful CVD-policy and for the importance of clear mutual communication. With the help of this guideline organisations can create their own CVD-policy. For example how reporters can submit vulnerabilities to the organisation, how to make agreements about messaging, mitigation terms and possible rewards for the reporter.
Since 2013 the NCSC has received and processed hundreds of reports. Many Dutch organisations actively pursue a CVD-policy. This illustrates the added value of a CVD-process to improve the digital resilience of the Netherlands.