Responsible disclosure
The Municipality of Voorne aan Zee attaches great importance to the security of its systems. This allows us to safeguard the privacy of our residents and our employees. We regularly scan and test our website to find vulnerabilities. Despite the care we take with security, it is possible that a vulnerability has occurred. Do you suspect a vulnerability in any of our systems? If so, please share it with us so we can take appropriate action quickly. We are happy to work with you to improve the security of our website.
By making a report, you, as the reporter, agree to the following arrangements on the responsible reporting of security vulnerabilities. These arrangements mean that you will not share the discovery with third parties until the vulnerability has been fixed. If you comply with the following requirements when reporting, the Municipality of Voorne aan Zee will not attach any legal consequences to the report.
What do we expect from you?
If you report a vulnerability in our IT system, please consider the following:
- Please report your findings at nl
- Please leave your contact information (email address or phone number) so the municipality can contact you.
- Provide enough information to reproduce the problem. This will allow the municipality to fix the problem as soon as possible. Usually the IP address or URL of the affected system and a description of the vulnerability are sufficient. More complicated vulnerabilities may require more.
- Make the notification as soon as possible after discovering the vulnerability.
- Do not share information about the security problem with others until it is resolved.
- Handle knowledge of the security problem responsibly. Do not take actions beyond what is necessary to demonstrate the security problem.
The following actions are not permitted
If you discover a vulnerability, do not take advantage of it, for example by:
- Placing malware.
- Copying, modifying or deleting data in a system (an alternative to this is to create a directory listing of a system).
- Making changes to the system.
- Repeatedly accessing the system or sharing access with others.
- Using what is known as "bruteforcing" to gain access to systems.
- Using denial-of-service or social engineering.
- Disclosing or providing to third parties data of a confidential nature, such as privacy-sensitive data.
What can you expect from us?
Have you reported a vulnerability in an ICT system? The Municipality of Voorne aan Zee handles this report as follows:
- If you meet all of the above requirements, we will not file charges against you or bring a civil case against you.
- If it turns out that you have not complied with any of the requirements, we may still decide to take legal action against you.
- The municipality treats your report confidentially. The municipality does not share personal information with third parties without your consent, unless required by law or court order.
- The municipality will keep you, the reporter, informed of the progress of solving the problem.
- The municipality will fix the security problem as soon as possible.
- The municipality will work with you to determine if and how notice will be given about the reported problem. Notification will occur only after the problem has been resolved. The municipality may, if you wish, include your name as the discoverer of the reported vulnerability.