A watchful eye in the digital world

We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.

Who we are
Picture of the entrance to a mine
case

CASE: GLOBAL VMWARE ESXI RANSOMWARE ATTACKS

Read more
Image of an envelope

Received an E-mail from us? Don’t worry! Learn more here.

Read more
Picture of group of people depicting the DIVD family

Become part of DIVD and help us protect the digital world

Read more
1 / 3

What we do

DIVD aims to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative and for free.

Learn more
Image of an hourglass over a warning icon

Scan the internet for vulnerabilities

Drawing of a person sitting in from of a screen of code

Reporting the vulnerability to the right people

Image of an hourglass over a warning icon

0 Day disclosure

1 / 3

Our proudest work

Picture of the entrance to a mine
case

CASE: GLOBAL VMWARE ESXI RANSOMWARE ATTACKS

Read more
case

CASE: AUTHENTICATION BYPASS & REMOTE CODE EXECUTION IN CONNECTWISE SCREENCONNECT

Read more
Picture of a bug (insect)
case

CASE : AUTHENTICATION BYPASS IN JETBRAINS TEAMCITY

Read more
1 / 3

Our mission

We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative and for free.

  • 130

    Members

  • 115

    Total cases

  • 687.759

    Vulnerable IPS Notified

Testimonials

Mikko Hyppönen

Mikko Hyppönen

Technology speaker and author

“We used to think that the work of computer security experts is to secure computers. Over time we’ve come to realize that they actually secure our society. And that’s exactly what DIVD does: they secure our society.”

Dave Maasland

Dave Maasland

CEO ESET Netherlands

“DIVD is not a project or a regular organisation, it’s a movement, one that lives by the Credo “be the change you wish to see in the world” and we need more of those to progress in the field of digital security.”

Jaya Baloo

Jaya Baloo

CISO Rapid7

“At the Dutch Institute for Vulnerability Disclosure, digital sentinels work tirelessly behind the scenes. They are unsung heroes who dedicate themselves to a safer internet, one vulnerability at a time, strengthening our cyber defenses with quiet resolve and unwavering commitment.

1 / 3

Help us, help you!

Make our work easier by putting our security.txt in the code of your website and our IP 194.5.73.0-255 on your allow list. This way you make sure that our research team can look for vulnerabilities without alarming your cyber security systems. And we know who to talk to when we find vulnerabilities.

 

More infornation

 

CSIRT Team

Want to become a volunteer?

  • Become part of the hacker community with Ethical Hackers, CISO's & researchers
  • Develop yourself, we provide very cool stuff at our e-learningplatform
  • Activities, a party so now and then and a lifetime stock of DIVD stickers & other merch
Become a volunteer Open roles
Become a volunteer

Our Partners

A2B Internet
Atom86
BIT
Cryptshare
Cyver
ESET
LunaVia
Protect4S
Schouten Zekerheid
SIDN Fund
Schuberg Philis
VM Ware

We would be nothing with our partners (we like to call them friends) and therefore we truly appreciate them. Let us know if you want to become a DIVD partner

Become a partner

Frequently asked questions

If this F.A.Q. doesn't answer your question, please do not hesitate to contact us. We'll do our best to answer your question to the best of our knowledge.

Contact All FAQ

Is it legal what DIVD is doing?

The Dutch jurisprudence is clear: if you serve a societal need with appropriate means, you are allowed to perform these small hacks in order to prevent the real damaging hacks. Our way of working is approved by the Dutch Public Prosecution Office the National Cyber Security Center.

Why did I receive an email from DIVD / CSIRT?

If we find a vulnerability, we’ll set up a case with all the details we know and how to patch this vulnerability. Then we scan known IP adresses to see if they’re vulernable and if that’s the case we’ll send out an email to every vulnerable IP adress.

Our emails are personally written by one of our researchers and contain a link to the casefile on the csirt.divd.nl site.

Who works for DIVD?

Most of our volunteers work in cybersecurity as their daily job, this could be at a comercial security company, government or as a freelancer. Some of our volunteers don’t work in security at all but have great interest in making the digital world safer.

All of our volunteers are screened and provided an certificate of conduct. Our code of conduct is sacred, we do not deviate from it.

What type of vulnerabilities do you notify?

Anything that is classified as high risk / high impact. We prioritize the vulnerabilities we work on by various metrics, for instance how big the exposure on the internet is and if it is being actively abused or not.

How can we contribute this initiative?

Join DIVD as a volunteer or as a partner, put security.txt on your website, take action after you’ve received a notification email or make a donation.