We represent a team of highly skilled security researchers who seek and report vulnerabilities as a voluntary service next to their jobs. Some use their real names, while most work under nick names, using DIVD as a fire wall to protect them from journalists, lawyers and recruiters. We take care they follow our code of conduct, which is based on the Dutch Guideline for Coordinated Vulnerability Disclosure. So, although you will probably never meet our researchers, you may hope they are checking your systems right now, before the bad guys do...
Meanwhile, their research also serves as an empirical base to discover trends in security, stimulate security awareness and develop new methodologies in vulnerability research and disclosure. To structure their creative work, we are currently setting up departments, such as General Research, Unique Intelligence, Validated OSINT and Advisories for fixing vulnerabilities.
• Victor Gevers: Chairman, Head of Research, Visionary and Janitor of our online environment. He is champion in Responsible Disclosure, with 5.600+ vulnerability reports successfully handled in the last 18 years. Don’t send him e mails, as he receives millions a day. His preferred channel is Twitter.
• Chris van ‘t Hof: Secretary, text writer and a guy who tries to keep everyone together. He has been researcher, writer and presenter in ICT for 22 years now. His preferred channel is e mail.
• Astrid Oosenbrug: Treasurer, lobbyist and foster parent to many young hackers. She started as sysadmin 20 years ago, but has mostly been politically active since, as Member of Parliament and in numerous NGOs. Her preferred channel is f2f.
Hacker initiatives like these, tend to have their own dynamics: sparks lead to flames, which die out or lead to wildfires, wasting energy along the way. To keep our minds focused on our goal to make the digital world a safer place and provide helpful hackers a solid platform, we installed a Supervisory Board of cyber security heavyweights. Each board member also represents a sector we try to get along in reaching our goals: cyber security companies, intelligence services, law enforcement and academia.
• Lodewijk van Zwieten (Chairman)
We have a growing network of security experts who help us in our mission: searching for the right vulnerabilities, inside contacts for disclosures, building a good ticketing system and gather funding. A list will be provided soon.
We are establishing a committee to deal with the tougher disclosures. Sometimes found vulnerabilities may not be fixed due to reluctance at the side of the owner or supplier of the system and we need to push disclosure to put public pressure on them. Still, we don’t want to disclose vulnerabilities which can be abused to the extent we put the users at risk. If our guidelines for Coordinated Vulnerability Disclosure prove insufficient, this committee will judge on a case to case bases, building a case base we can use for further disclosures.
Oh yeah, we also need more of that...