Controls

Terug naar overzicht
Version

SB.18.002 Coordinated Vulnerability Disclosure Policy

Medium
Medium
Medium
Organisation
v2.0 (Q1 2024)
Vulnerability Management

Description

The organization has a published Coordinated Vulnerability Disclosure Policy to encourage security researchers and individuals to ethically find and report vulnerabilities.

Specification

For external suppliers the policy should be in accordance with the guidelines of the Dutch National Cyber Security Centre (NCSC): https://english.ncsc.nl/publications/publications/2019/juni/01/coordinated-vulnerability-disclosure-the-guideline

The policy should be easy to find and should also be referenced to in security.txt