Reporting vulnerabilities

Reporting Vulnerabilities

We want our website to be a safe and welcoming place for everyone. That's why we do everything we can to keep our website and systems secure. However, it is possible that a vulnerability might occur. If you find a vulnerability in our systems, please let us know so that we can take quick action. In our vulnerability disclosure, you can read more about how to report a vulnerability. We are happy to work with you to better protect our users and systems.

What is a vulnerability?

A vulnerability is a deviation that can lead to an unsafe situation. A weak spot can impact the availability, integrity, or confidentiality of information. For example, you might gain access to our systems and thus to confidential information. This is, of course, not intended.

Do you spot a typo or something else that does not cause unsafe situations but still needs to be fixed? Then contact the web editorial team by sending an email to info@eccnet.eu
 

Rules for reporting a vulnerability

There are a few rules for reporting a vulnerability. Read below to understand what we expect from you and what you can expect from us.
 

What we expect from you

  • Test our website responsibly. Only do what is necessary to find a bug, leak, or other type of vulnerability.
  • Do not exploit the vulnerability. For example, do not download more data than needed to demonstrate the leak, and do not view, delete, or modify third-party data.
  • Follow the rules to avoid legal procedures.
  • Use our secure messaging system to report the vulnerability.
  • Report the vulnerability as soon as you discover it.
  • Clearly explain the issue so we can resolve it quickly. Typically, providing the IP address or URL and a brief description is sufficient. Screenshots are also helpful. The more complex the issue, the more information we may need.
  • Do not disclose the discovered vulnerability to others until the issue is resolved.
  • Share your email address with us so we can contact you.
     

What is not allowed

  • Sending harmful software (malware).
  • Copying, modifying, or deleting data on our website or in our systems.
  • Downloading more data than necessary to demonstrate the vulnerability.
  • Modifying codes or information in systems.
  • Hacking the system repeatedly or persistently.
  • Sharing vulnerabilities with others.
  • Attempting to forcefully access our website through brute force.
  • Conducting Denial of Service (DOS) attacks.
  • Engaging in social engineering (psychological manipulation).
     

What you can expect from us

  • Your personal data is safe with us. The information you share with us will not be shared with others unless required by law or a court.
  •  You will be credited for reporting the vulnerability. We will place your name and the report on our Wall of Fame, but only with your permission. You will be credited for reporting the vulnerability. 

After reporting a vulnerability, you can expect the following from us:

  • Within 5 working days, you will receive a response, and we will inform you about what we plan to do with your report. If it takes a long time to resolve the issue, you will receive updates on the progress.
  • You will have the opportunity to decide with us if and how the problem will be made public. Note: We only disclose information after the problem has been resolved.

Report vulnerability

Did you find a bug, leak, or other type of vulnerability on our website? 
Please let us know as soon as possible via a secure email.

I want to submit a report

More information

  • You can report a vulnerability to us through our secure messaging system. Please include the following information in your email:

    • Name (optional)
    • Email address
    • Type of vulnerability, for example:
      • Injection
      • Broken authentication
      • Exposure of sensitive data
      • XML External Entities (XXE)
      • Security misconfigurations
      • Cross-site scripting (XSS)
      • Broken access control
      • Insecure deserialization
      • Availability
      • Integrity
      • Confidentiality
      • Other
    • A clear description of the vulnerability
    • An explanation of why the discovered vulnerability is worth reporting

    I want to submit a report

    #report-vulnerability

    Copied to clipboard!

  • When reporting a vulnerability, you might see the logo of het Juridisch Loket. This occurs because the ECC responsible for this website (www.eccnet.eu) is the Dutch branch of ECC-Net, which operates under the host organisation het Juridisch Loket and uses its facilities.

    #het-juridisch-loket

    Copied to clipboard!

  • We handle personal data and the information you share with us with care. Below, you can read why we ask for certain information and what we do with it.

    • Why do we ask for your name and email address? 
      We ask for your name and email address so we can contact you regarding your report. If you prefer to remain anonymous, that's fine; providing your name is not required. However, we do need an email address to get in touch with you.
    • How is your data processed? 
      We use your data and information solely to resolve the issue with you. Once the issue is resolved, we anonymize your data. We use a secure messaging system to receive reports and do not share your personal data with third parties unless required by law or a court order.
    • What are your rights? 
      Under privacy regulations, you have various rights. You can read more about these rights in our privacy statement.

    #privacy

    Copied to clipboard!

  • Our policy is based on the Coordinated Vulnerability Disclosure guidelines from the NCSC and the example policy by Floor Terra, which is published under a Creative Commons Attribution 3.0 license.

    #origin-of-our-policy

    Copied to clipboard!
Need help finding information?

We can help you find the information you’re looking for

Which of these best describes your role?
What is the main reason for your visit?