Coordinated Vulnerability Disclosure Policy

At the Public Health Service Limburg South (GGD Zuid Limburg) we attach the utmost importance to the safety of our systems, programs and services.

However, despite the care we take regarding security, there can be weak points in these systems, programs and services. If you discover such a vulnerability, you can safely report it to us.

This approach is also known as Coordinated Vulnerability Disclosure (CVD).

This way the GGD Zuid Limburg can take protective measures as quickly as possible. We are keen to cooperate with you to better protect our users, our systems, and the data of our citizens and employees.

Our Coordinated Vulnerability Disclosure policy is not an invitation to actively scan our company network for weaknesses. We monitor our company network. We are therefore likely to pick up your scan, which our Computer Emergency Response Team (CERT) / IT department will then investigate, possibly leading to unnecessary costs.

Computer trespass is prohibited by law, including in the case of ethical hacking. If you comply with our Coordinated Vulnerability Disclosure policy, we have no reason to take legal action against you. However, the Public Prosecutor always has the right to decide whether or not to prosecute you.

We ask you to:

On behalf of GGD Zuid Limburg, Z-CERT is the organization that handles CVD findings. They will work in close contact with you and the GGD Zuid Limburg to ensure follow-up of your reported vulnerability finding.

Here you can read how you can report your findings, what you can expect from the handling of your report by Z-CERT and which rules you must adhere to. Out-of-scope vulnerability findings will not be followed up.

We promise you that:

  • We will treat your report confidentially and will not share your personal data unless required by law.
  • Z-CERT will keep you informed of the progress towards resolving the problem.
  • If you wish, you will receive an honorable mention in our Hall of Fame.

You can report anonymously or under a pseudonym. In this case, however, Z-CERT will not be able to contact you for things such as follow-up steps, progress of resolving the issue, or publication of the finding.

We strive to resolve any vulnerability as soon as possible.

Hall of Fame

Does your report deserve an honourable mention according to GGD Zuid Limburg? With your permission, we will then include your name in the 'Hall of Fame' below.

GGD Zuid Limburg thanks the people below for reporting their findings about our systems. Thanks in part to their efforts, security is at the right level.

  • Name | Year