Report a vulnerability
A vulnerability in the website or in computer systems of the GGD?
Let us know!
It is important that our website and computer systems are properly secured. However, it is possible that there is a security vulnerability somewhere. Do you happen to find one? Then let us know as soon as possible. Then we can improve the security before someone can take advantage of the vulnerability. Don’t take advantage of the weak spot yourself.
How do you report a vulnerability?
Do you want to report a vulnerability in the security of our website or computer systems? Then fill in the contact form.
- Give as much information as possible about the vulnerability, so we can find it:
- Where is the weak spot?
- How did you find it?
- Report the vulnerability as soon as possible after you have discovered it. That way we can take action quickly.
- Don’t send information about it to people outside the GGD until we contact you. Has the problem been solved? Then we’ll agree with you on whether it’s necessary to disclose information about it. And if so, who does it and how. In this way, together we ensure that others cannot take advantage of the weak spot.
- Don’t abuse the weak spot yourself. Only do what is necessary to show the weak spot. And nothing else. It can happen that you do something that is forbidden. For example:
- Downloading, changing or removing data. Or influencing data in any other way.
- Change something in one of our systems.
- Put a computer virus or other malware in our website or computer systems.
- Entering a system that you do not have permission to enter. Or let others in there.
- Using methods of hackers or internet criminals. For example, to crack passwords, to cheat users of systems, or to damage systems. Methods of hackers include brute force, social engineering, phishing, or denial of service (DoS).
What do we do with your report?
Do you report a security vulnerability to us? Then you can expect this:
- Within 1 working day we will let you know that we have received your report.
- Within 3 days we will let you know what we are going to do with your report.
- We will regularly let you know how far we are in solving the problem.
- We will make sure that the weak spot is secured again as soon as possible. After that, we will check with you whether it is necessary to let others know what has happened.
- We will treat your report confidentially. We may only give your information to others if we have your permission. Unless required by a judge or the law. Or if you’ve taken advantage of the weak spot you’ve found.
- Did you happen to discover a weakness? And you’ll let us know immediately? Then we won’t go to the police. Do we think you’re trying to hack into our systems? Or that you’re taking advantage of a weakness? Then we’ll see if we can report it to the police.