Responsible Disclosure

The Municipality of West Maas en Waal attaches great importance to the security of its systems. Despite all precautionary measures, it remains possible that a vulnerability may be found in the systems.
If you discover a vulnerability in one of our systems, we would like to hear from you so that we can take appropriate measures quickly.

You can read below how to file a report.

Responsible Disclosure

The Municipality of West Maas en Waal attaches great importance to the security of its systems. Despite
all precautionary measures, it remains possible that a vulnerability may be found in the systems.
If you discover a vulnerability in one of our systems, we would like to hear from you so that
we can take appropriate measures quickly. By submitting a report, you, as the
reporter, agree to the Responsible Disclosure agreements below, and the Municipality of West
Maas en Waal will handle your report in accordance with these agreements.

We ask you:

  • Please email your findings to ciso@westmaasenwaal.nl. Encrypt your findings using a tool such as 7-Zip File Manager to prevent the information from falling into the wrong hands.
  • Do not exploit the vulnerability by, for example, downloading more data than is necessary to demonstrate the vulnerability, or by viewing, deleting, or modifying third-party data.
  • Do not share the issue with others until it has been resolved, and delete all confidential data obtained through the breach immediately after the breach has been patched.
  • Do not use attacks targeting physical security, social engineering, distributed denial of service, spam, or third-party applications, and
  • Please provide enough information to reproduce the issue so that we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more information may be needed for more complex vulnerabilities.
  • Please provide your contact information so we can get in touch with you to work together toward a secure resolution. Please include at least one email address or phone number. Please submit the report as soon as possible after discovering the vulnerability.

What we promise:

  • We will respond to your report as soon as possible with our assessment of the issue and an estimated resolution date.
  • If you Requirements complied with Requirements above Requirements , we will not take any legal action against you regarding the report.
  • We will treat your report confidentially and will not share your personal information with third parties without your consent, unless it is necessary to comply with a legal obligation. You may submit a report using a pseudonym.
  • We will keep you updated on the progress of resolving the issue.
  • In our report on the issue, we will, if you wish, credit you as the discoverer, and
  • As a thank you for your help, we offer a reward for every report of a security issue that is currently unknown to us. We determine the amount of the reward based on the severity of the vulnerability and the quality of the report.

We strive to resolve all issues as quickly as possible, and we would appreciate being included in any post on
regarding the issue once it has been resolved.

If you have any questions or requests regarding this statement, please contact the
Data Protection Officer at fg@westmaasenwaal.nl.

Did you find what you were looking for?