NIS2, Are you on scope?
Belgium's new cybersecurity law enters into force. Check it out now.
A Coordinated Vulnerability Disclosure Policy (CVDP) is a set of rules determined in advance by an organisation responsible for IT systems that allows participants (or "ethical hackers") with good intentions to identify potential vulnerabilities in its systems or to provide it with all relevant information about them.
A vulnerability rewards program (or "bug bounty" program) covers all rules set by a responsible organization to give rewards to participants who identify vulnerabilities in the technologies it uses. This is a type of coordinated vulnerability disclosure policy which includes rewards for participants based on the amount, importance or quality of the information provided.
Here you will find all information about reporting the discovered vulnerabilities to the Center for Cybersecurity Belgium (CCB).
Here you will find answers to the most frequently asked questions about the coordinated vulnerability disclosure policy and about reward programmes for detecting vulnerabilities (Bug Bounty).
Here you will find a guide with an overview of the concepts, objectives, legal issues and good practices concerning the implementation of a coordinated vulnerability disclosure policy and of remuneration programmes for the detection of vulnerabilities under current Belgian law.
This guide consists of two parts: Part I "Good Practices" and Part II "Legal Aspects".
**Content under review**
Here you will find a brochure with the benefits involved in a coordinated vulnerability disclosure policy and/or a vulnerability rewards program for private and public organisations.
Here is an example of a coordinated vulnerability disclosure policy and/or of a vulnerability rewards program, which should be adapted to the specific situation and choices of your organisation.