CVD-report form

With this form you can submit a CVD-report to the NCSC. Complete the CVD-form with your findings. This form will be sent automatically to cert@ncsc.nl. To prevent the information from falling into the wrong hands, please use the PGP key from the NCSC.

CVD-report form

Optional for sending a reward

Optional for sending a reward

Optional for sending a reward

Optional for direct contact

Limit is 10MB. Remove special characters. Video’s are not accepted

Short explanation about the vulnerability and why this is a risk

Explain step by step how the vulnerability can be validated. If possible, add screenshots to substantiate it. If you have PGP encryption options, send a PGP encrypted message. Please use the PGP NCSC year.

https://www.ncsc.nl/contact/pgp-key

Don't forget to include your own Public PGP key in the field PGP key so that we can reply PGP encrypted messages.

Is there a chance of being actively exploited?

Provide an estimate of the likelihood that an attacker will actively exploit the vulnerability.

Risk of damage?

Provide an estimate of the likelihood of damage if the vulnerability is exploited.

Specify the ip address or hostname which is vulnerable.

If you have PGP encryption options, send a PGP encrypted message. Please use the PGP NCSC year key. https://www.ncsc.nl/contact/pgp-key. Don't forget to include your own Public PGP key in the field "Public PGP key" so we can send you PGP encrypted messages

avg-en

Information about the processing of your personal data

Providing your name and address information is optional. If you wish to be eligible for a reward, we need your name and address to send you the reward. Your data will not be shared with third parties and saved until the report has been processed. Please, be compliant with the international address standard when you write down your address (http://www.upu.int/en/activities/addressing/postal-addressing-systems-in-member-countries.html).

Why is this data required?

We will use your data, having obtained your permission, because we cannot send you a reward otherwise.

How does your data get processed?

We will use your data to contact you and to send you an reward if you are eligible for a reward. Your personal data will be handled by our own employees. We will not share your personal data with others.

How long do we keep your data?

After processing your report and sending you a reward if you are eligible for it. Your personal data will be destroyed.

What are your rights?

You can find more information about your rights on page 'Privacy' (link opens in new tab).

Statement of agreement