Report a Website Vulnerability
At KRO-NCRV, the security of our systems and our users is of utmost importance. Despite our efforts, a vulnerability may still exist. Have you discovered a security issue in one of our systems? We would like to hear from you so we can investigate and resolve it quickly.
We apply the principles of Responsible Disclosure. If you handle your report responsibly, we will work together with you in a transparent and careful manner.
What we ask of you
- Provide enough information to reproduce the issue (e.g., URL/IP + description).
- Report the vulnerability as soon as possible after discovery.
- Do not share the vulnerability with others or make it public during the investigation.
- Do not go further than necessary to demonstrate the issue.
- Leave contact details (this may also be done under a pseudonym).
Please avoid, among other things:
- Installing malware
- Copying, modifying, or deleting data
- Making changes to systems
- Automated scanning, brute force attacks, DDoS, or social engineering
- Repeated or shared unauthorized access to systems
What you can expect from us
- No legal action if you comply with the Responsible Disclosure principles.
- Careful and confidential handling of your report.
- No sharing of personal data without your consent (unless required by law).
- An initial substantive response and, where possible, progress updates.
- Resolution of the vulnerability as quickly as possible.
Security Hall of Fame
As a token of appreciation, we may — if you wish — include your name or alias on our Security Hall of Fame page.