Spring naar content
Coordinated Vulnerability Disclosure (Responsible Disclosure)

Coordinated Vulnerability Disclosure (Responsible Disclosure)

We, the Dutch Police, consider the security of our system vraaghetdepolitie.nl a top priority. No matter how much effort we put into system security, there still may be vulnerabilities present. If you would find such a weak spot, we would appreciate it if you would report this this to us. We are happy to work together to address the problem, to investigate and to fix it.

What to do if you discover a weak spot or a flaw in our system vraaghetdepolitie.nl ?

  • Email your findings to responsible-disclosure@politie.nl; 
  • Provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible;
  • Erase all confidential data obtained through the problem immediately after the problem has been solved;
  • Leave your contact information (at least email address or phone number), so we can work together on a secure outcome. 

What not to do if you discover a vulnerability in the ICT system?

  • Take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary, or deleting or modifying other people's data;
  • Share information on the security problem with other parties or persons;
  • Install malware or applications of third parties;
  • Copy, change or delete data in the system or create a directory listing of the system;
  • Perform attacks on physical security, attempt (distributed) denial of service, employ social engineering.

What we promise, what to expect from us?

  • You will receive a reply, relating to the content of your report within five business days;
  • We will treat your report with strict confidentiality, and will not share your personal information without your permission, unless Dutch law or a court order requires us to do so;
  • We will keep you informed about the progress of resolving the problem;
  • As a token of our gratitude you will receive a small reward for reporting a new and valuable issue, if the information provided actually did contribute to improving the security of our system. You will be admitted to our Hall of Fame.