Responsible disclosure

Dit is een afdruk van een pagina op Rechtspraak.nl. Kijk voor de meest actuele informatie op Rechtspraak.nl (http://www.rechtspraak.nl). Deze pagina is geprint op 01-01-1970.

Skip Navigation LinksEnglish > Contact > Responsible disclosure

Responsible disclosure

The ICT systems of the Dutch Judiciary obviously have to be safe and sound. That is why we pay great attention to ICT security. Yet it may be that you find a weak spot in one of our systems. We would appreciate it to the highest degree if you were to report this vulnerability to us, in order for us to work together to investigate the problem and fix it. However, it is imperative that you do so in a responsible manner. For us, but also for your own sake. You may rest assured that your report has no legal consequences for you if you follow the guiding principles below.

 

 

 FAQ's responsible disclosure

>Alles uitklappen
    • ​Email your findings to cert.spir-it@rechtspraak.nl. We request that you encrypt your email with the PGP (Pretty Good Privacy) key of the Netherlands Judiciary to prevent the information from falling into the wrong hands;
    • Make your report as soon as possible after you have unearthed the vulnerability;
    • Provide sufficient information to reproduce the problem, so that we can fix it expeditiously. Usually the IP address or URL of the affected system and a description of the weak spot are sufficient, but in more complex cases additional information may be required;
    • Leave your contact information in order for us to work with you on a secure outcome. We need at least an email address or a phone number from you.
    • ​Share information on the security problem with other parties;
    • Install malware;
    • Copy, change, or delete data in a system, or create a directory listing of a system;
    • Make changes in the system;
    • Enter the system repeatedly or share access with others;
    • ‘Brute-force attack’ the system;
    • Attempt a denial-of-service (DOS) attack or employ social engineering techniques.
    • ​We will treat your report confidentially and will not share your personal information with third parties without your permission, unless Dutch law or a court order requires us to do so;
    • You will receive an acknowledgement of receipt within one business day;
    • You will receive a reply relating to the content of your report within five working days;
    • Whenever possible, we will collaborate to resolve the issue. In any case, we will keep you informed on the progress.
    • If your information actually has contributed to improving the security of our ICT systems, you will receive a small present as a token of our appreciation.

Other pages: