Responsible Disclosure 

Report a vulnerability in one of Kadaster’s ICT systems 

We apply strict security measures to our systems. However, vulnerabilities may still occur. Kadaster works with the National Cyber Security Centre (NCSC) as an intermediary to handle vulnerability reports. 

Have you found a vulnerability? Follow these 6 steps: 

  1. Email your findings to the NCSC. You will find the email address on the NCSC contact page. If possible, use the NCSC Pretty Good Privacy (PGP) key to prevent the information from falling into the wrong hands.
    • PGP is a widely used encryption technique.
    • The PGP key to be used can be found on the NCSC contact page.
  2. Provide enough information to reproduce the problem so that Kadaster can resolve it as soon as possible. The IP address or URL of the affected system and a description of the vulnerability found are usually enough, but more complex vulnerabilities may require more information, such as a Proof of Concept (PoC).
  3. Please provide your contact details so that the NCSC can contact you to work together on a safe outcome and to provide you feedback on progress. Provide at least an email address or telephone number.
  4. Please report the vulnerability as soon as possible after finding it.
  5. Do not share the security issue with others until it has been resolved.
  6. Handle your knowledge of the security problem responsibly by not performing any actions beyond what is necessary to demonstrate it.

Do not misuse vulnerabilities in ICT systems 

For instance, by: 

  • placing malware 
  • copying, modifying or deleting data in a system (alternatively, creating a directory listing of a system) 
  • repeatedly gaining access to the system or sharing it with others 
  • using brute-force attacks on systems 
  • using denial-of-service or social engineering

What you can expect from us 

If your report meets the above conditions, the information you provide will have no legal consequences. We will treat your notification in a strictly confidential manner and will not share any personal data with third parties without your consent unless this is required by law or a judicial decision. 

After you have sent your report, the NCSC will send you an acknowledgement of receipt within 1 working day. 

Kadaster shall respond to your report through the NCSC within 5 working days, providing an assessment of the report and the estimated date for a solution. 

We will keep you informed of progress. We will resolve the security issue that you have identified in a system within a reasonable period of time. 

We will agree on when and how this is to be communicated in mutual consultation. 

The NCSC offers a reward to thank you for your help. This reward will vary depending on the severity of the security problem and the quality of the report. It must, in any case, be a serious security problem that is still unknown to the NCSC. 

This text has been drafted in addition to the NCSC Guide on NCSC.nl.

Last update of this page: February 4th, 2022