How we work towards a more safe digital world

We are a collective with over 130 very enthusiastic and skilled people who are passionate about security & cyber. We work voluntarily to make the digital world a little safer every day.

Learn more
What we do

What we do

DIVD scans the internet on the presence of Common Vulnerabilities and Exposures (CVEs) which might be quite impactfull. When we find vulnerable URLs, we send owners an notification email on the vulnerability present, where we found it and what to do.

We also find new vulnerabilities (zero-days) and share these with the software vendor, so they can fix it. Furthermore, when we detect instances of compromised credentials, we take swift action by alerting affected individuals via email and urging them to immediately change their passwords or take other necessary steps.

  • Scan the internet for vulnerabilities

    When our CSIRT team finds or becomes aware of a vulnerability, they scan the internet and identify the affected systems.

  • Reporting the vulnerability to the right people

    When affected systems are identified, we investigate the owners of these systems and notify them. Our notification email informs them and offers steps to fix or mitigate the issue.

  • 0 Day disclosure

    DIVD is also a CVE Numbering Authority, in this role we assign CVE numbers and help security researchers engage with vendors to disclose vulnerabilities.

  • 130

    Members

  • 115

    Total cases

  • 687.759

    Vulnerable IPS Notified

Our proudest work

Picture of the entrance to a mine
case

CASE: GLOBAL VMWARE ESXI RANSOMWARE ATTACKS

Read more
case

CASE: AUTHENTICATION BYPASS & REMOTE CODE EXECUTION IN CONNECTWISE SCREENCONNECT

Read more
Picture of a bug (insect)
case

CASE : AUTHENTICATION BYPASS IN JETBRAINS TEAMCITY

Read more
1 / 3
Ethics

Ethics at the base of everything we do

As we work on sensitive data, gathered without informed consent, we established this Code of Conduct to provide an ethical base for the work we do. This code can also be used by other researchers working on what is currently referred to as responsible disclosure, or coordinated vulnerability disclosure.

Code of conduct

Testimonials

Mikko Hyppönen

Mikko Hyppönen

Technology speaker and author

“We used to think that the work of computer security experts is to secure computers. Over time we’ve come to realize that they actually secure our society. And that’s exactly what DIVD does: they secure our society.”

Dave Maasland

Dave Maasland

CEO ESET Netherlands

“DIVD is not a project or a regular organisation, it’s a movement, one that lives by the Credo “be the change you wish to see in the world” and we need more of those to progress in the field of digital security.”

Jaya Baloo

Jaya Baloo

CISO Rapid7

“At the Dutch Institute for Vulnerability Disclosure, digital sentinels work tirelessly behind the scenes. They are unsung heroes who dedicate themselves to a safer internet, one vulnerability at a time, strengthening our cyber defenses with quiet resolve and unwavering commitment.

1 / 3