{"id":18985,"date":"2022-08-05T11:15:00","date_gmt":"2022-08-05T09:15:00","guid":{"rendered":"https:\/\/duthler.nl\/effectively-organizing-a-coordinated-vulnerability-disclosure\/"},"modified":"2025-07-14T10:57:48","modified_gmt":"2025-07-14T08:57:48","slug":"effectively-organizing-a-coordinated-vulnerability-disclosure","status":"publish","type":"post","link":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/","title":{"rendered":"Effectively organizing a Coordinated Vulnerability Disclosure"},"content":{"rendered":"\n<p>By: Caroline Willemse and Andr\u00e9 Biesheuvel<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Organize effectively and cost efficiently<\/h2>\n\n\n\n<p>In the previous blog, \u201c<a href=\"https:\/\/duthler.nl\/en\/what-is-the-need-for-applying-a-coordinated-vulnerability-disclosure-cvd%ef%bf%bc\/\" target=\"_blank\" rel=\"noreferrer noopener\">What is the need for applying a Coordinated Vulnerability Disclosure (CVD)?<\/a>\u201d, we discussed the need for a company to organize a CVD. In this blog we focus on the effective and cost-efficient organization of a CVD. The organization&#8217;s goal is to facilitate an effective and efficient vulnerability disclosure process that can reduce the risk of security flaws being exploited by cybercriminals.<\/p>\n\n\n\n<p>ENISA is the driving force behind organizing CVD in Europe<strong>,<\/strong> see: <a href=\"https:\/\/www.enisa.europa.eu\/news\/enisa-news\/coordinated-vulnerability-disclosure-policies-in-the-eu\" target=\"_blank\" rel=\"noreferrer noopener\">Coordinated Vulnerability Disclosure policies in the EU<\/a>. In a European context, the NCSC is responsible for the Dutch efforts, see the Coordinated Vulnerability Disclosure Disclosure. <\/p>\n\n\n\n<p><a href=\"http:\/\/www.myobi.eu\/nl\" target=\"_blank\" rel=\"noreferrer noopener\">MYOBI<\/a> has \u2013 <em>as ENISA advises in its Good Practice Guide<\/em> \u2013 operationalized the CVD guideline for companies and users of the trust network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">CVD in outline<\/h3>\n\n\n\n<p>The CVD service makes the threshold for an unknown researcher as low as possible to report a documented vulnerability. We could compare a reported vulnerability with a found \u201c<em>needle in a haystack<\/em>\u201d.<\/p>\n\n\n\n<p>The essence of CVD services is that <a href=\"https:\/\/myobi.eu\/nl\/vertrouwensnetwerk\/coordinated-vulnerability-disclosure\/\" target=\"_blank\" rel=\"noreferrer noopener\">MYOBI<\/a>, in the role of Trusted Third Party, receives information about a vulnerability in the security of a company&#8217;s infrastructure and\/or applications from an unknown researcher. <\/p>\n\n\n\n<p>When receiving the information about the vulnerability, MYOBI takes the following steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Authenticating the identity of the unknown researcher; <\/li><li>The unknown researcher records the information about the vulnerability in a secure environment of MYOBI; and<\/li><li>The unknown researcher invites the business process coordinator (responsible user) of the company in question \u2013 if desired under a <em>pseudonym<\/em> \u2013 in a secure business process.<\/li><\/ul>\n\n\n\n<p>The business process coordinator (responsible user) can involve us (Duthler Associates) in the process and request an analysis of the documented vulnerability. If the vulnerability threatens business continuity, the business process coordinator of the company concludes a CVD agreement with the unknown researcher. <\/p>\n\n\n\n<p>The topics in the agreement relate to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Advising on taking appropriate control security measures and preventing calamities;<\/li><li>Communication during and after the removal of the vulnerability; <\/li><li>Agreements on limiting liability; and<\/li><li>Recognition for finding, documenting and identifying the vulnerability.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Chain liability<\/h3>\n\n\n\n<p>Companies use IT suppliers for their infrastructure and applications. Vulnerabilities in the control and security measures can also arise in the products and services of the IT suppliers. A supplier of IT services and products in turn also uses suppliers. There is a chain and therefore also vulnerabilities in the chain.<\/p>\n\n\n\n<p>It is important that when purchasing these products and services, the company agrees with its suppliers about CVD&#8217;s goals and processes. Appropriate agreements are also needed about the decisive removal of identified vulnerabilities. The Contract Board facilitates companies with appropriate scenarios and contracts CVD the contract portfolio.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">MYOBI, the trusted third party<\/h3>\n\n\n\n<p>MYOBI, in its role of trusted party, gives the company the comfort that the threshold for reporting vulnerabilities is low and the liability and cost risks are manageable. In compiling the Vulnerability Disclosure Statement (as ENISA\/NCSC mean), the Contract Board has based it on the TTP policy. We make the Vulnerability Disclosure Statement company-specific and add it to the library. <\/p>\n\n\n\n<p>The following topics are discussed:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The context in which the Vulnerability Disclosure takes place;<\/li><li>The roles of parties (tasks, powers and responsibilities);<\/li><li>The mechanism of sharing the information about the vulnerability;<\/li><li>Finishing the vulnerability;<\/li><li>Meeting the expectations of the unknown investigator\/reporter;<\/li><li>Communicating about vulnerabilities; and <\/li><li>Resolving any disputes through mediation.<\/li><\/ul>\n\n\n\n<p>In the company-specific learning environment of the company, MYOBI provides an awareness and training program in collaboration with us.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Access to security incident knowledge and experience<\/h3>\n\n\n\n<p>It is not easy to find professionals who can assess the security vulnerabilities and propose appropriate practical management and security measures. If internal knowledge is lacking, the company can make an agreement with professionals about the timely delivery of capacity.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">From threat to opportunity<\/h2>\n\n\n\n<p>For years, companies have been hesitant to regulate vulnerability disclosure because they feared inviting hackers to attack their systems. This fear is now pretty much gone. In fact, based on the idea \u201c<em>rather to be hacked in a controlled manner than by a criminal hacker<\/em>\u201d, a company can actively invite hackers to detect and report vulnerabilities in their system.<\/p>\n\n\n\n<p>The remedy for the unknown investigator may be:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>No criminal charges and civil proceedings;<\/li><li>A company publication describing the case. With this, the researcher receives recognition for his or her work to find and document vulnerabilities; and or<\/li><li>Compensation in the form of financial compensation and\/or an appointment to permanently hack the business systems.<\/li><\/ul>\n\n\n\n<p>Organizing CVD effectively is a powerful control and security measure that fits within a cyber information security strategy.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The value proposition for a company<\/h2>\n\n\n\n<p>An effective CVD organization provides the company with a value proposition. The value proposition turns out differently for every business organization. We outline the costs and revenues.<\/p>\n\n\n\n<p>Cost:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Register on the MYOBI Trust Network. View the license costs <a href=\"https:\/\/myobi.eu\/nl\/licenties\/\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>;<\/li><li>Using the <a href=\"https:\/\/myobi.eu\/nl\/toepassingen\/smart-contracting\/\" target=\"_blank\" rel=\"noreferrer noopener\">smart contracting application<\/a>;<\/li><li>Compiling <a href=\"https:\/\/duthler.nl\/en\/services\/legal-operations\/compiling-and-managing-a-company-specific-contract-library\/\" target=\"_blank\" rel=\"noreferrer noopener\">contract library<\/a> with contract set and CVD scripts; <\/li><li>Recognition of the unknown researcher; the ethical hacker;<\/li><li>If desired, have the CVD process managed on demand; and<\/li><li>Make use of a cybersecurity expert on demand to assess the vulnerabilities presented.<\/li><\/ul>\n\n\n\n<p>Yields:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Establish the strong control and security measure CVD;<\/li><li>Strengthen reputation management by making agreements with suppliers of IT services and products and ethical hackers about the process of Vulnerability Disclosure;<\/li><li>Preventing liability and cost risks; and<\/li><li>Controlling \u201c<em>the needle in a haystack<\/em>\u201d costs less than \u201c<em>finding a needle in a haystack<\/em>\u201d.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What can we do for you?<\/h2>\n\n\n\n<p>MYOBI Trust Network fulfills the role of trusted party. The Contract Board, in which we participate, has developed a contract portfolio CVD that can be made company-specific by us.<\/p>\n\n\n\n<p>After following the CVD awareness and training program, a company can implement and manage the CVD control measure. If the capacity is lacking, a professional from Duthler Associates can carry out the implementation &#8211; in collaboration with employees &#8211; on demand.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Submit your question to one of our professionals<\/h3>\n\n\n\n<p>The effectiveness of organizing Coordinated Vulnerability Disclosure requires a decisive approach. If you have any questions for your specific organization, please <a href=\"https:\/\/duthler.nl\/en\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\">contact<\/a> Caroline Willemse. Also view our page of special about CVD services.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By: Caroline Willemse and Andr\u00e9 Biesheuvel Organize effectively and cost efficiently In the previous blog, \u201cWhat is the need for applying a Coordinated Vulnerability Disclosure (CVD)?\u201d, we discussed the need for a company to organize a CVD. In this blog we focus on the effective and cost-efficient organization of a CVD. The organization&#8217;s goal is&hellip;&nbsp;<a href=\"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">Effectively organizing a Coordinated Vulnerability Disclosure<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":19328,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","neve_meta_reading_time":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[151,298],"tags":[308,307,309],"class_list":["post-18985","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-organiseren-van-de-verantwoordingsplicht","tag-coordinated-vulnerability-disclosure-en","tag-cvd-en","tag-cyber-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Effectively organizing a Coordinated Vulnerability Disclosure - Duthler Associates<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Effectively organizing a Coordinated Vulnerability Disclosure - Duthler Associates\" \/>\n<meta property=\"og:description\" content=\"By: Caroline Willemse and Andr\u00e9 Biesheuvel Organize effectively and cost efficiently In the previous blog, \u201cWhat is the need for applying a Coordinated Vulnerability Disclosure (CVD)?\u201d, we discussed the need for a company to organize a CVD. In this blog we focus on the effective and cost-efficient organization of a CVD. The organization&#8217;s goal is&hellip;&nbsp;Read More &raquo;Effectively organizing a Coordinated Vulnerability Disclosure\" \/>\n<meta property=\"og:url\" content=\"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/\" \/>\n<meta property=\"og:site_name\" content=\"Duthler Associates\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-05T09:15:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-14T08:57:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/duthler.nl\/wp-content\/uploads\/2022\/08\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Andr\u00e9 Biesheuvel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Duthler_NL\" \/>\n<meta name=\"twitter:site\" content=\"@Duthler_NL\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andr\u00e9 Biesheuvel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/\"},\"author\":{\"name\":\"Andr\u00e9 Biesheuvel\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#\\\/schema\\\/person\\\/a2e065ab0a9ca1c9cde407351ac9065f\"},\"headline\":\"Effectively organizing a Coordinated Vulnerability Disclosure\",\"datePublished\":\"2022-08-05T09:15:00+00:00\",\"dateModified\":\"2025-07-14T08:57:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/\"},\"wordCount\":1032,\"publisher\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/duthler.nl\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png\",\"keywords\":[\"Coordinated Vulnerability Disclosure\",\"CVD\",\"Cyber\"],\"articleSection\":[\"Blog\",\"Organiseren van de verantwoordingsplicht\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/\",\"url\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/\",\"name\":\"Effectively organizing a Coordinated Vulnerability Disclosure - Duthler Associates\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/duthler.nl\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png\",\"datePublished\":\"2022-08-05T09:15:00+00:00\",\"dateModified\":\"2025-07-14T08:57:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/#primaryimage\",\"url\":\"https:\\\/\\\/duthler.nl\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png\",\"contentUrl\":\"https:\\\/\\\/duthler.nl\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/effectively-organizing-a-coordinated-vulnerability-disclosure\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/duthler.nl\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Effectively organizing a Coordinated Vulnerability Disclosure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/duthler.nl\\\/en\\\/\",\"name\":\"Duthler Associates\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/duthler.nl\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#organization\",\"name\":\"Duthler Associates\",\"url\":\"https:\\\/\\\/duthler.nl\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/duthler.nl\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/0.png\",\"contentUrl\":\"https:\\\/\\\/duthler.nl\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/0.png\",\"width\":400,\"height\":400,\"caption\":\"Duthler Associates\"},\"image\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Duthler_NL\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/duthler-associates\",\"https:\\\/\\\/www.youtube.com\\\/user\\\/duthlerassociates\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#\\\/schema\\\/person\\\/a2e065ab0a9ca1c9cde407351ac9065f\",\"name\":\"Andr\u00e9 Biesheuvel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a99390b713a8f2de81f25c332b42ef58f913878b7d2c9c7b404494c6c2c18a9f?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a99390b713a8f2de81f25c332b42ef58f913878b7d2c9c7b404494c6c2c18a9f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a99390b713a8f2de81f25c332b42ef58f913878b7d2c9c7b404494c6c2c18a9f?s=96&d=mm&r=g\",\"caption\":\"Andr\u00e9 Biesheuvel\"},\"description\":\"Binnen de praktijk vervult Andr\u00e9 de rol van managing partner en is hij vakinhoudelijk verantwoordelijk voor Organisatie &amp; ICT en Compliance. Ook doceert Andr\u00e9 bij meerdere trainingen op het gebied van governance, risk en compliance.\",\"sameAs\":[\"https:\\\/\\\/www.duthler.nl\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/ajbiesheuvel\\\/\"],\"url\":\"https:\\\/\\\/duthler.nl\\\/en\\\/author\\\/andre-biesheuvel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Effectively organizing a Coordinated Vulnerability Disclosure - Duthler Associates","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/","og_locale":"en_US","og_type":"article","og_title":"Effectively organizing a Coordinated Vulnerability Disclosure - Duthler Associates","og_description":"By: Caroline Willemse and Andr\u00e9 Biesheuvel Organize effectively and cost efficiently In the previous blog, \u201cWhat is the need for applying a Coordinated Vulnerability Disclosure (CVD)?\u201d, we discussed the need for a company to organize a CVD. In this blog we focus on the effective and cost-efficient organization of a CVD. The organization&#8217;s goal is&hellip;&nbsp;Read More &raquo;Effectively organizing a Coordinated Vulnerability Disclosure","og_url":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/","og_site_name":"Duthler Associates","article_published_time":"2022-08-05T09:15:00+00:00","article_modified_time":"2025-07-14T08:57:48+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/duthler.nl\/wp-content\/uploads\/2022\/08\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png","type":"image\/png"}],"author":"Andr\u00e9 Biesheuvel","twitter_card":"summary_large_image","twitter_creator":"@Duthler_NL","twitter_site":"@Duthler_NL","twitter_misc":{"Written by":"Andr\u00e9 Biesheuvel","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/#article","isPartOf":{"@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/"},"author":{"name":"Andr\u00e9 Biesheuvel","@id":"https:\/\/duthler.nl\/en\/#\/schema\/person\/a2e065ab0a9ca1c9cde407351ac9065f"},"headline":"Effectively organizing a Coordinated Vulnerability Disclosure","datePublished":"2022-08-05T09:15:00+00:00","dateModified":"2025-07-14T08:57:48+00:00","mainEntityOfPage":{"@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/"},"wordCount":1032,"publisher":{"@id":"https:\/\/duthler.nl\/en\/#organization"},"image":{"@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/#primaryimage"},"thumbnailUrl":"https:\/\/duthler.nl\/wp-content\/uploads\/2022\/08\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png","keywords":["Coordinated Vulnerability Disclosure","CVD","Cyber"],"articleSection":["Blog","Organiseren van de verantwoordingsplicht"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/","url":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/","name":"Effectively organizing a Coordinated Vulnerability Disclosure - Duthler Associates","isPartOf":{"@id":"https:\/\/duthler.nl\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/#primaryimage"},"image":{"@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/#primaryimage"},"thumbnailUrl":"https:\/\/duthler.nl\/wp-content\/uploads\/2022\/08\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png","datePublished":"2022-08-05T09:15:00+00:00","dateModified":"2025-07-14T08:57:48+00:00","breadcrumb":{"@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/#primaryimage","url":"https:\/\/duthler.nl\/wp-content\/uploads\/2022\/08\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png","contentUrl":"https:\/\/duthler.nl\/wp-content\/uploads\/2022\/08\/Effectief-organiseren-van-een-Coordinated-Vulnerability-Disclosure.png","width":1280,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/duthler.nl\/en\/effectively-organizing-a-coordinated-vulnerability-disclosure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/duthler.nl\/en\/"},{"@type":"ListItem","position":2,"name":"Effectively organizing a Coordinated Vulnerability Disclosure"}]},{"@type":"WebSite","@id":"https:\/\/duthler.nl\/en\/#website","url":"https:\/\/duthler.nl\/en\/","name":"Duthler Associates","description":"","publisher":{"@id":"https:\/\/duthler.nl\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/duthler.nl\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/duthler.nl\/en\/#organization","name":"Duthler Associates","url":"https:\/\/duthler.nl\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/duthler.nl\/en\/#\/schema\/logo\/image\/","url":"https:\/\/duthler.nl\/wp-content\/uploads\/2019\/06\/0.png","contentUrl":"https:\/\/duthler.nl\/wp-content\/uploads\/2019\/06\/0.png","width":400,"height":400,"caption":"Duthler Associates"},"image":{"@id":"https:\/\/duthler.nl\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Duthler_NL","https:\/\/www.linkedin.com\/company\/duthler-associates","https:\/\/www.youtube.com\/user\/duthlerassociates"]},{"@type":"Person","@id":"https:\/\/duthler.nl\/en\/#\/schema\/person\/a2e065ab0a9ca1c9cde407351ac9065f","name":"Andr\u00e9 Biesheuvel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a99390b713a8f2de81f25c332b42ef58f913878b7d2c9c7b404494c6c2c18a9f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a99390b713a8f2de81f25c332b42ef58f913878b7d2c9c7b404494c6c2c18a9f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a99390b713a8f2de81f25c332b42ef58f913878b7d2c9c7b404494c6c2c18a9f?s=96&d=mm&r=g","caption":"Andr\u00e9 Biesheuvel"},"description":"Binnen de praktijk vervult Andr\u00e9 de rol van managing partner en is hij vakinhoudelijk verantwoordelijk voor Organisatie &amp; ICT en Compliance. Ook doceert Andr\u00e9 bij meerdere trainingen op het gebied van governance, risk en compliance.","sameAs":["https:\/\/www.duthler.nl","https:\/\/www.linkedin.com\/in\/ajbiesheuvel\/"],"url":"https:\/\/duthler.nl\/en\/author\/andre-biesheuvel\/"}]}},"_links":{"self":[{"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/posts\/18985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/comments?post=18985"}],"version-history":[{"count":2,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/posts\/18985\/revisions"}],"predecessor-version":[{"id":22548,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/posts\/18985\/revisions\/22548"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/media\/19328"}],"wp:attachment":[{"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/media?parent=18985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/categories?post=18985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/tags?post=18985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}