Skip to main content

Many Dutch municipalities do not yet respond adequately to security vulnerabilities, research finds

posted onOctober 4, 2023
by l33tdawg
Tech Xplore
Credit: Tech Xplore

Many local authorities respond too slowly or inadequately to reports about security vulnerabilities. These coordinated vulnerability disclosures (CVD reports) are often made by ethical hackers who aim to make the internet safer. While this process has improved in recent years, the study by the University of Twente and the Dutch Institute for Vulnerability Disclosure (DIVD) indicates that there is still much room for improvement for local authorities.

Out of 114 Dutch municipalities, it was tracked whether the issue was resolved in 89 of them. Among these 89 contacted municipalities, 44 did not respond within 90 days—the period specified by the University of Twente in its Coordinated Vulnerability Disclosure for research—regarding the security notification. In 49 of the responding municipalities, the problem was found to remain unresolved. In 10 municipalities, the security vulnerability was fixed, but this was not communicated back to the notifier.

However, there are reasons for optimism, as there were municipalities that proactively responded to the notifications. In 19 municipalities, the report was handled appropriately, and there was a response to the notification. The research was conducted by Koen van Hove, a Ph.D. candidate at the University of Twente, a software and research engineer at NLnet Labs, and a researcher at the volunteer organization Dutch Institute of Vulnerability Disclosure (DIVD). He initiated the research out of curiosity about the functioning of CVD procedures in Dutch municipalities. 

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th