CVD-report form

In the event you find a technical vulnerability in one of the Dutch Central Government's systems, you can report the identified vulnerability to the National Cyber Security Centre. This kind of report is known as a Coordinated Vulnerability Disclosure or CVD. You can find more information about this and other types of reports handled by the NCSC in our CVD policy.

CVDs can be submitted via the form below. To prevent the data from falling into the wrong hands, you can encrypt the contents of your report using our PGP key. For more information about how we will process your CVD and what will be expected from you, please read our CVD policy before submitting your report. Our CVD policy also describes what kinds of vulnerabilities fall within the scope of our activities.

Do you have a question or comment that does not relate to cyber security? If you have a question or comment that does not relate to cyber security, please contact the Dutch Central Government via the general contact information on

CVD report form

Type of vulnerability(required)
I have read and agree to the terms of the CVD policy(required)
Information about the processing of your personal data

We ask you to provide your name, email address and telephone number in order to communicate with you regarding your report. Providing a name and telephone number is optional. If you are eligible for a reward, we will also need your address if you wish us to send it to you. We may therefore ask for your address after your report is processed. Your data will not be shared with third parties unless disclosure of these data is compelled by law or by a court ruling.

Statement of agreement(required)