CVD-report form

With this form you can submit a CVD-report to the NCSC. Complete the CVD-form with your findings. This form will be sent automatically to cert@ncsc.nl. To prevent the information from falling into the wrong hands, please use the PGP key from the NCSC.

CVD-report form

First name

Optional for sending a reward

Middle name

Optional for sending a reward

Last name

Optional for sending a reward

E-mail

Phone number

Optional for direct contact

Attachment

Limit is 10MB. Remove special characters. Video’s are not accepted

Vulnerability type

Explanation of vulnerability

Short explanation about the vulnerability and why this is a risk

Step-by-step explanation of the vulnerability

Explain step by step how the vulnerability can be validated. If possible, add screenshots to substantiate it. If you have PGP encryption options, send a PGP encrypted message. Please use the PGP NCSC year.

https://www.ncsc.nl/contact/pgp-key

Don't forget to include your own Public PGP key in the field PGP key so that we can reply PGP encrypted messages.

Explain why the vulnerability found is worth reporting.

Is there a chance of being actively exploited?

High Medium Low

Provide an estimate of the likelihood that an attacker will actively exploit the vulnerability.

Risk of damage?

High Medium Low

Provide an estimate of the likelihood of damage if the vulnerability is exploited.

Domain or IP address to which the vulnerability relates.

Specify the ip address or hostname which is vulnerable.

Public PGP key

If you have PGP encryption options, send a PGP encrypted message. Please use the PGP NCSC year key. https://www.ncsc.nl/contact/pgp-key. Don't forget to include your own Public PGP key in the field "Public PGP key" so we can send you PGP encrypted messages

avg-en

Information about the processing of your personal data

Providing your name and address information is optional. If you wish to be eligible for a reward, we need your name and address to send you the reward. Your data will not be shared with third parties and saved until the report has been processed. Please, be compliant with the international address standard when you write down your address (http://www.upu.int/en/activities/addressing/postal-addressing-systems-in-member-countries.html).

Why is this data required?

We will use your data, having obtained your permission, because we cannot send you a reward otherwise.

How does your data get processed?

We will use your data to contact you and to send you an reward if you are eligible for a reward. Your personal data will be handled by our own employees. We will not share your personal data with others.

How long do we keep your data?

After processing your report and sending you a reward if you are eligible for it. Your personal data will be destroyed.

What are your rights?

You can find more information about your rights on page 'Privacy' (link opens in new tab).

Statement of agreement

The data provided by you may be used for communication in relation to the notification you made and for sending a reward if you qualify.

CVD-report form

CVD-report form

Information about the processing of your personal data

Why is this data required?

How does your data get processed?

How long do we keep your data?

What are your rights?

Share this page