Responsible Disclosure

The municipality of West Maas en Waal attaches great importance to the security of its systems. Despite all precautions, it remains possible that a weak spot in the systems may be found.
If you discover a weak spot in one of our systems, please let us know so that we can take appropriate measures quickly.

You can read how to report an incident below.

Responsible Disclosure

The municipality of West Maas en Waal attaches great importance to the security of its systems. Despite
all precautions, it remains possible that a weak spot in the systems may be found.
If you discover a vulnerability in one of our systems, we would like to hear from you so that
we can take appropriate measures quickly. By reporting a vulnerability, you agree to
the terms and conditions below regarding Responsible Disclosure, and the municipality of West
Maas en Waal will handle your report in accordance with the terms and conditions below.

We ask you:

  • Email your findings to informatieveiligheid@westmaasenwaal.nl. Encrypt your findings using, for example, 7-Zip File Manager to prevent the information from falling into the wrong hands.
  • Do not abuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or viewing, deleting, or modifying third-party data.
  • Do not share the problem with others until it has been resolved, and delete all confidential data obtained through the leak immediately after the leak has been closed.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications, and
  • Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more may be needed for more complex vulnerabilities.
  • Please provide your contact details so that we can get in touch with you to work together on a secure solution. Please provide at least one email address or phone number. Please submit the report as soon as possible after discovering the vulnerability.

What we promise:

  • We will respond to your report as soon as possible with our assessment of the report and an expected date for a solution.
  • If you have complied with the above conditions, we will not take legal action against you in relation to the report.
  • We will treat your report confidentially and will not share your personal data with third parties without your consent, unless this is necessary to comply with a legal obligation. It is possible to report under a pseudonym.
  • We will keep you informed of the progress made in resolving the issue.
  • In reporting on the reported problem, we will, if you wish, mention your name as the discoverer, and
  • As a thank you for your help, we offer a reward for every report of a security issue that is not yet known to us. We determine the size of the reward based on the severity of the leak and the quality of the report.

We strive to resolve all issues as quickly as possible and would appreciate being notified at
if you plan to publish anything about the issue after it has been resolved.

If you have any questions or requests regarding this statement, please contact the Data Protection Officer at
. Data Protection Officer via fg@westmaasenwaal.nl.

Did you find what you were looking for?