Bug Report: call to action!

Bug Report: call to action!

bugreport.pngmaandag 06 januari 2020

Have you been there? All you really want to do, is to get your own actions and projects done before the end of the year. That's quite enough!

But the team always has some good ideas that must be picked up too ..... And then a message drops into your mailbox that you almost click away, probably spam! But, you cannot ignore this message: it is a Bug Report. Oh no! You know this cannot be ignored. You’ll have to initiate the relevant procedure, with the inevitable follow-ups and communication to the reporter. Even more important than the actions that are still on the to do list!

In December we at CIO Platform Nederland received such a bug report from Asif aka "Ultimate Haxor", a hacker. It was a comprehensive message about a vulnerability he had found and which made our website vulnerable to clickjacking. In the e-mail the "Ultimate Haxor", unknown to us, had clearly written a description and PoC and also offered two solutions to deal with this vulnerability.

In accordance with our policy, we reported the incident with our hosting provider and asked them to verify the report and, if necessary, resolve it. The report turned out to be correct. Fortunately, the fix was quite easy. Within 2 days we were able to thank the reporter and let him know that the vulnerability had been fixed. He came back with the question what the reward was for this report.

At CIO Platform Nederland, our policy is not to provide financial incentives for such Responsible Disclosure / Coordinated Vulnerability Disclosure notifications. Instead, we offered to share this experience with our members and of course say a word of thanks to Asif "Ultimate Haxor". Hereby!

Based on the principle of Sharing is Caring, we are also curious about your experience with such kind of bug reports. How current is your Coordinated vulnerability disclosure policy? How many of these notifications do you receive and does the procedure work? What if a bug cannot be solved (quickly), how does the reporter react to this message? How do you involve the reporter and how are communications with reporters handled?

At the bureau of CIO Platform Nederland we are vigilant!

« Terug

Kick off sessie CxO’s in de Maritieme sector | Data in het haven-ecosysteem

2024-09-30   Maritieme sector meeting19 juli 2024 Kennisdelen op digitaliseringsonderwerpen die relevant zijn in de maritieme sector. Bijeenkomsten worden georganiseerd door/in samenwerking met CIO Platform Nederland en zijn toegankelijk voor organisaties die kennis willen delen over inhoudelijke vraagstukken. lees verder

Even terug kijken op het eerste half jaar van 2024

2024-07-12 | Blog edward12 juli 2024 Een mooie zomerblog van ons nieuwe bestuurslid Edward Cox, tevens Algemeen Directeur Louwman Group Services. Fijne zomer! lees verder

Jaardag 2024, de aftermovie

2024-07-09  Jaardag aftemovie08 juli 2024 Een record aantal leden van CIO Platform Nederland kwam op 6 juni bijeen om samen de waardevolle en gezellige Jaardag van onze community te vieren onder de noemer 'Elevate your Digital Transformation'. Bekijk hier de aftermovie. lees verder

Blog: ProRail sponsort de volgende generatie IT’ers

2024-06-24  Blog Evy Kalker21 juni 2024 De mini Rubik’s Cube had ik binnen no-time weer opgelost en de doolhof-sleutelhangers waren zo kapot, maar de bèta-Olympiade daarentegen is in mijn herinnering niet stuk te krijgen. Daar ben ik vast de enige niet in. Knik als er nu ook warme herinneringen bij je naar boven komen. lees verder

Bekijk alle nieuwsberichten via het archief

Close