A watchful eye in the digital world
We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.
Who we are
What we do
DIVD aims to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative, and for free.
Learn more
Scan the internet for vulnerabilities
Reporting the vulnerability to the right people
0 Day disclosure
1 / 3
Our mission
We aim to enhance digital safety by reporting system vulnerabilities to the relevant authorities. With a global reach, we adopt an open, honest, and collaborative approach, providing our services for free.
146
Members
146
Total cases
1.298.306
Vulnerable IPS Notified
Testimonials
Mikko Hyppönen
Technology speaker and author
“We used to think that the work of computer security experts is to secure computers. Over time we’ve come to realize that they actually secure our society. And that’s exactly what DIVD does: they secure our society.”
Dave Maasland
CEO ESET Netherlands
“DIVD is not a project or a regular organisation, it’s a movement, one that lives by the Credo “be the change you wish to see in the world” and we need more of those to progress in the field of digital security.”
Jaya Baloo
CISO Rapid7
“At the Dutch Institute for Vulnerability Disclosure, digital sentinels work tirelessly behind the scenes. They are unsung heroes who dedicate themselves to a safer internet, one vulnerability at a time, strengthening our cyber defenses with quiet resolve and unwavering commitment."
1 / 3
Help us, help you!
Make our work easier by putting our security.txt in the code of your website and our IP 194.5.73.0-255 on your allow list. This way you make sure that our research team can look for vulnerabilities without alarming your cyber security systems. And we know who to talk to when we find vulnerabilities.
More information
Want to become a volunteer?
- Become part of the hacker community with Ethical Hackers, CISO's & researchers
- Develop yourself, we provide very cool stuff at our e-learningplatform
- Activities, a party so now and then and a lifetime stock of DIVD stickers & other merch
Our partners
We would be nothing without our partners (we like to call them friends) and therefore we truly appreciate them. Let us know if you would like to become a DIVD partner.
Become a partnerFrequently asked questions
If this F.A.Q. doesn’t provide the answer you’re looking for, feel free to reach out to us. We strive to respond to your queries to the best of our ability.
Contact All FAQIs it legal what DIVD is doing?
Dutch jurisprudence is clear: if you address a societal need using appropriate methods, you are permitted to execute minor hacks to prevent more damaging ones. The Dutch Public Prosecution Office and the National Cyber Security Center endorse our approach.
Why did I receive an email from DIVD / CSIRT?
If we find a vulnerability, we’ll set up a case with all the details we know and how to patch this vulnerability. Then we scan known IP adresses to see if they’re vulnerable and if that’s the case we’ll send out an email to every vulnerable IP adress.
Our emails are personally written by one of our researchers and contain a link to the casefile on the csirt.divd.nl site.
Who works for DIVD?
Most of our volunteers work in cybersecurity as their daily job, this could be at a commercial security company, government, or as a freelancer. Some of our volunteers don’t work in security at all but have great interest in making the digital world safer.
All our volunteers are screened, and have provided a certificate of conduct. Our code of conduct is sacred, we do not deviate from it.
What kinds of vulnerabilities do you report?
Any security vulnerability that falls under the category of high risk or high impact. The sequence in which we handle vulnerabilities is influenced by multiple metrics, including the level of exposure online and if the vulnerability is under active exploitation.