We are a collective with over 130 very enthusiastic and skilled people who are passionate about security & cyber. We work voluntarily to make the digital world a little safer every day.
DIVD scans the internet for the presence of Common Vulnerabilities and Exposures (CVEs), entries in a list of publicly disclosed security vulnerabilities. When we find vulnerable URLs, we send the owners of the website or system a notification email. This email includes information about the vulnerability that was found, where it was found, and what steps to take to mitigate the risk of exploitation.
In addition to scanning the internet for known and publicly disclosed security vulnerabilities, we also actively search for and discover new vulnerabilities (zero-day vulnerabilities). These are typically unknown to the public and no patch or fix exists for them yet. We share this information with the (software) vendor or owner so they can design a solution. Furthermore, when we detect instances of compromised credentials, we take swift action by alerting affected individuals via email and urging them to immediately change their passwords or take other necessary steps.
Upon discovering or becoming aware of a vulnerability, our CSIRT team conducts an internet scan to identify the systems that are affected.
When affected systems are identified, we reach out to the owners of these systems. The email we send provides them with information about the vulnerability and suggests measures to resolve or lessen its impact.
DIVD is a CVE Numbering Authority (CNA). We identify vulnerabilities and assign unique identifiers (CVEs). Furthermore, we help security researchers engage with vendors to disclose vulnerabilities.
Since we handle sensitive data collected without informed consent, we've created this Code of Conduct to establish an ethical foundation for our work. This code can also be utilized by other researchers involved in what is currently known as responsible disclosure or coordinated vulnerability disclosure.