We represent a team of highly skilled security researchers who seek and report vulnerabilities as a voluntary service next to their jobs. Some use their real names, while most work under nick names, using DIVD as a fire wall to protect them from journalists, lawyers and recruiters. We take care they follow our code of conduct, which is based on the Dutch Guideline for Coordinated Vulnerability Disclosure. So, although you will probably never meet our researchers, you may hope they are checking your systems right now, before the bad guys do...
Meanwhile, their research also serves as an empirical base to discover trends in security, stimulate security awareness and develop new methodologies in vulnerability research and disclosure. To structure their creative work, we are currently setting up departments, such as General Research, Unique Intelligence, Validated OSINT and Advisories for fixing vulnerabilities.
Team (in order of appearence)
• Victor Gevers: Chairman, Head of Research, Visionary and Janitor of our online environment. He is champion in Responsible Disclosure, with 5.600+ vulnerability reports successfully handled in the last 18 years. Don’t send him e mails, as he receives millions a day. His preferred channel is Twitter.
• Astrid Oosenbrug: Treasurer, lobbyist and foster parent to many young hackers. She started as sysadmin 20 years ago, but has mostly been politically active since, as Member of Parliament and in numerous NGOs. Her preferred channel is f2f.
• Chris van ‘t Hof: Secretary, text writer and a guy who tries to keep everyone together. He has been researcher, writer and presenter in ICT for 22 years now. His preferred channel is e mail.
• Mattijs van Ommeren: Researcher
• Edwin van Andel: Unique Intelligence
• Raymond Bierens: Advisor
• Frank Breedijk: Researcher and building response capacity
• Floor Terra: Privacy advisor and Researcher
• Matthijs Koot: Researcher
• Victor Gevers: Chairman.
• Chris van ‘t Hof: Secretary.
• Astrid Oosenbrug: Treasurer.
Hacker initiatives like these, tend to have their own dynamics: sparks lead to flames, which die out or lead to wildfires, wasting energy along the way. To keep our minds focused on our goal to make the digital world a safer place and provide helpful hackers a solid platform, we installed a Supervisory Board of cyber security heavyweights. Each board member also represents a sector we try to get along in reaching our goals: cyber security companies, intelligence services, law enforcement and academia.
• Lodewijk van Zwieten (Chairman)
We are establishing a committee to deal with the tougher disclosures. Sometimes found vulnerabilities may not be fixed due to reluctance at the side of the owner or supplier of the system and we need to push disclosure to put public pressure on them. Still, we don’t want to disclose vulnerabilities which can be abused to the extent we put the users at risk. If our guidelines for Coordinated Vulnerability Disclosure prove insufficient, this committee will judge on a case to case bases, building a case base we can use for further disclosures.
Oh yeah, we also need more of that...