Coordinated Vulnerability Disclosure
Hacking computer systems is not allowed unless the owner explicitly gives permission. Some organisations, like Eurofins Cyber Security, have a so-called Coordinated Vulnerability Disclosure (CVD) or Responsible Disclosure (RD) policy. In its CVD or RD policy, the organisation states which systems can be hacked, which research methods are allowed to find vulnerabilities and how to report a vulnerability. The policy also states how much time the organisation will need to correct the reported problem.
See also the Coordinated Vulnerability Disclosure Guidelines of the NCSC.
We provide a so-called triage service: every report you receive via the CVD or RD policy is validated by our Security Centre. We assess whether the reported vulnerability is reproducible, what risk it poses, and whether it has been reported before or was already known. Depending on the risk, we process the reports within certain deadlines, in cooperation with the stakeholder. You then decide whether and how you reward the researcher. We can also take care of the triage for your bug bounty platform.
With its extensive knowledge of a wide range of topics, our Security Centre is able to give you detailed feedback in every situation and can help you to resolve vulnerabilities. The triage service is offered as a subscription. Eurofins Cyber Security HQ, including incident response, is part of the subscription.
The advantages of triage:
- Fast and reliable handling of CVD reports.
- Support in case of incidents.
- Detailed feedback and advice about solutions.