Our researchers looking for vulnerabilities
CSIRT: Computer Security Incident Response Team
The CSIRT handles the scanning for and disclosing of vulnerabilities, either discovered by DIVD researchers or third parties and warning people for leaked credentials and operates our CVE Numbering Authority (CNA) capability
Only owners of vulnerable instances receive a notification with the host information and mitigation steps.
![notification email](/images/global/warningemail.png)
Step by step of what you should do
Read the e-mail thoroughly
The email contains all the information you'll need to take actions on this vulnerability. We always share the possible consequences when the vulnerability is exploited by a threat actor.
Check your security policy and forward this email to the right person
Some organisations employ a CISO, developer or other IT-team member, please inform the right person in your organisation about the vulnerability. If you don't have a contact who could help you out, please reply on our email and we'll do our best to help you out.
Check the status of the case on the CSIRT website
We update the casefile whenever there's any news on the vulnerability. This might be when a patch is available or, unfortunately, in some cases when there's no patch available yet we keep you updated on what type of mitigations you can take.
Make sure you're responsible disclosure policy is accurate
Please add 'security.txt' to your responsible disclosure policy. You could use securitytxt.org to easily create a security.txt file and ask your administrator to add it in the source of the website.