CVD-report form

In the event you find a technical vulnerability in one of the Dutch Central Government's systems, you can report the identified vulnerability to the National Cyber Security Centre. This kind of report is known as a Coordinated Vulnerability Disclosure or CVD. You can find more information about this and other types of reports handled by the NCSC in our CVD policy.

CVDs can be submitted via the form below. To prevent the data from falling into the wrong hands, you can encrypt the contents of your report using our PGP key. For more information about how we will process your CVD and what will be expected from you, please read our CVD policy before submitting your report. Our CVD policy also describes what kinds of vulnerabilities fall within the scope of our activities.

Do you have a question or comment that does not relate to cyber security? If you have a question or comment that does not relate to cyber security, please contact the Dutch Central Government via the general contact information on rijksoverheid.nl.

CVD-report form

Type of vulnerability *

Information about the processing of your personal data

We ask you to provide your name, email address and telephone number in order to communicate with you regarding your report. Providing a name and telephone number is optional. If you are eligible for a reward, we will also need your address if you wish us to send it to you. We may therefore ask for your address after your report is processed. Your data will not be shared with third parties unless disclosure of these data is compelled by law or by a court ruling.

Why are these data being requested?

We need you to provide these data and consent to their processing as otherwise we will be unable to communicate with you regarding your report and any applicable reward. If you are eligible for a reward, we will also request your address details once your report has been processed.

How will your personal data be processed?

We will use your data to enable our staff to process your report, to request additional information if necessary and to send you any reward for which you are eligible. Unless mandated by law, your data will not be shared with any third parties.

How long do we keep your data?

After processing your report and sending you a reward if you are eligible for it. Your personal data will be destroyed.

What are your rights?

You can find more information about your rights on page 'Privacy' (link opens in new tab).

Statement of agreement *