I am on the Wall of Fame of NCSC and all I got...

By our experts

For about a decade now, the National Cyber Security Center (NCSC) has been the focal point for security researchers to report vulnerabilities in the digital infrastructure of the national government. NCSC's Fusion Center functions as the eyes and ears of a digitally secure Netherlands. We receive dozens of reports from researchers every day. Fortunately, because by sharing this knowledge about vulnerabilities, researchers contribute directly to a digitally secure Netherlands. Sometimes with a limited impact, but sometimes with a considerable one.

Enlarge image
Image: ©NCSC

Every month, a large stack of packages leaves the ministry's mailroom to locations all over the world. When a vulnerability report comes in via the Coordinated Vulnerability Disclosure form [1], it is assessed by NCSC security specialists. Depending on the impact, it is forwarded to the relevant organization with, if necessary, intended course of action [2]. NCSC remains involved from notification to resolution. We facilitate contact between the reporter and the organization, advise the organization and, if needed, test any implemented measures. Is the vulnerability fixed? Then the reporter receives the package containing the coveted "I hacked the Dutch government and all I got was this lousy t-shirt" shirt.

Some reports can have a major impact on the availability, integrity or confidentiality of central government websites. For example, the report about outdated software that allowed potentially harmful code to be executed on a pre-production environment of a service that many Dutch people use every day. Or that time we were alerted to the application of insufficient input validation, as a result of which personal data of employees of a central government organization could be viewed. And that one report of sensitive documents of an organization that often appears in the media were inadvertently publicly available. These are a few examples of the most memorable reports of the past year. Through quick action by NCSC and the organizations involved, we were able to jointly prevent an incident. This would not have been possible without the security researcher.

That is why we would like to give extra thanks to the researchers of these reports. Because without these reports, which sometimes involve a lot of time and energy, these vulnerabilities might still exist. With the introduction of a "Wall of Fame," we want to put researchers in the spotlight who have made exceptional efforts in the past year to make the Netherlands more digitally secure. In January 2023, after extensive jury deliberations - with security specialists within the Fusion Centre as jury members - it will be determined which researchers with qualitative reports from 2022 have contributed the most to a digitally secure Netherlands. Once approved, the researcher will receive the prestigious spot on NCSC's 2022 Wall of Fame. Of course with a fitting addition to the aforementioned black t-shirt line, the "I am on the 2022 Wall of Fame of NCSC and all I got was this lousy hoody!" sweater.

Sanne Maasakkers
Security specialist at the Fusion Center

Leave a comment

You can leave a comment here. Inappropriate comments will be removed. Comments are limited to 2,000 characters.

* mandatory fields

Comments are limited to 2,000 characters.


No comments have been published yet.