Details per sector

Responsible disclosure

The Dutch government has issued a Responsible Disclosure Guideline. The sector benchmark is compliant with this guideline. In short, this means that no system has been penetrated and that the vulnerabilities are not disclosed in public. Because of the huge number of vulnerable systems identified and the lack of a notification mailbox at organizations, it is impossible to inform all of them.

The goal of responsible disclosure is to contribute to the security of IT systems and to control their vulnerability by reporting vulnerabilities in a responsible way and by handling those notifications so that damage can be avoided or limited.

Sufficient time is needed for mitigation before a vulnerability is made public. According to the guideline, a reasonable period of time for vulnerable software is 60 days. To be on the safe side, vulnerabilities discovered by this benchmark are never published. Only the names of organizations with the highest security rating are published.