Frequently asked questions

In case you still have any questions, we have listed the most frequently asked questions for you.

If this F.A.Q. doesn’t provide the answer you’re looking for, feel free to reach out to us. We strive to respond to your queries to the best of our ability.

English

Is it legal what DIVD is doing?

Dutch jurisprudence is clear: if you address a societal need using appropriate methods, you are permitted to execute minor hacks to prevent more damaging ones. The Dutch Public Prosecution Office and the National Cyber Security Center endorse our approach.

Why did I receive an email from DIVD / CSIRT?

If we find a vulnerability, we’ll set up a case with all the details we know and how to patch this vulnerability. Then we scan known IP adresses to see if they’re vulnerable and if that’s the case we’ll send out an email to every vulnerable IP adress.

Our emails are personally written by one of our researchers and contain a link to the casefile on the csirt.divd.nl site.

Who works for DIVD?

Most of our volunteers work in cybersecurity as their daily job, this could be at a commercial security company, government, or as a freelancer. Some of our volunteers don’t work in security at all but have great interest in making the digital world safer.

All our volunteers are screened, and have provided a certificate of conduct. Our code of conduct is sacred, we do not deviate from it.

What kinds of vulnerabilities do you report?

Any security vulnerability that falls under the category of high risk or high impact. The sequence in which we handle vulnerabilities is influenced by multiple metrics, including the level of exposure online and if the vulnerability is under active exploitation.

How can I contribute to this initiative?

You can join DIVD as a volunteer or as a partner, put security.txt on your website, take action after you’ve received a notification email, and/or make a donation.

Contact

Why did I receive an email from DIVD / CSIRT?

If we find a vulnerability, we’ll set up a case with all the details we know and how to patch this vulnerability. Then we scan known IP adresses to see if they’re vulnerable and if that’s the case we’ll send out an email to every vulnerable IP adress.

Our emails are personally written by one of our researchers and contain a link to the casefile on the csirt.divd.nl site.

How can I contribute to this initiative?

You can join DIVD as a volunteer or as a partner, put security.txt on your website, take action after you’ve received a notification email, and/or make a donation.

Become a volunteer

When can I join DIVD as a volunteer?

At DIVD, we happily welcome individuals from all backgrounds and genders. We do not only welcome and embrace them, but value their unique perspectives and contributions to our community. We believe it is important that everyone feels comfortable and accepted.

Can I join DIVD if I am not living in The Netherlands?

All our volunteers live in The Netherlands. This is because it is very important that they do, for legal reasons. If you are not living in The Netherlands, but you are interested in helping out, you can join our partner: CSIRT.Global.

Who works at DIVD?

Members of DIVD operate in various sectors, such as (commercial) security firms, government agencies, or as independent contractors. Some members don’t work in security at all, but they possess a strong interest in enhancing the safety of the digital world.

All our volunteers undergo a screening process, and are issued a certificate of conduct. Our code of conduct is sacred, we do not deviate from it.

DIVD’s way of working is approved by the Dutch Public Prosecution Office and the National Cyber Security Center. Furthermore, DIVD is affiliated with CSIRT.global, a global volunteer-led nonprofit that enhances global security by addressing overlooked vulnerabilities.

Become a partner

How can I help?

Please check our partner page for more information.

Notification email

Why did I receive an email of DIVD / CSIRT?

If we find a vulnerability, we’ll set up a case with all the details we know and how to patch this vulnerability. Then we scan known IP adresses to see if they’re vulnerable and if that’s the case we’ll send out an email to every vulnerable IP adress.

Our emails are personally written by one of our researchers and contain a link to the casefile on the csirt.divd.nl site.

Learn more about what to do when you receive an email. https://www.divd.nl/warningemail/

Who works at DIVD?

Members of DIVD operate in various sectors, such as (commercial) security firms, government agencies, or as independent contractors. Some members don’t work in security at all, but they possess a strong interest in enhancing the safety of the digital world.

All our volunteers undergo a screening process, and are issued a certificate of conduct. Our code of conduct is sacred, we do not deviate from it.

DIVD’s way of working is approved by the Dutch Public Prosecution Office and the National Cyber Security Center. Furthermore, DIVD is affiliated with CSIRT.global, a global volunteer-led nonprofit that enhances global security by addressing overlooked vulnerabilities.