Responsible Disclosure Policy

At the KNAW, we find the security of our systems very important. Despite our care for the security of our systems, it may happen that there is a weak spot. Please notify us immediately if you have found a weak spot in one of our systems, so that we can take measures as quickly as possible. We would like to work with you to better protect our users and our systems.

Not an invitation to active scanning

Our Responsible Disclosure Policy is not an invitation to engage in extensive active scanning of our KNAW network to discover vulnerabilities. We monitor our corporate network. There is a chance that a scan will be picked up and our CSIRT-KNAW group will have to investigate, resulting in unnecessary costs.

Criminal Law and Responsible Disclosure

There is a chance that during the course of your research, you may take actions that are punishable under criminal law. If you have complied with the conditions below, we will not take legal action against you regarding the report. The Public Prosecutor’s Office always retains the right to decide whether to prosecute you. The Public Prosecution Service has published information about this.

We ask you to do the following

What we promise


The KNAW network also provides Internet access for researchers, international partnerships and affiliated parties that maintain their own websites and systems. Reports for such systems and sites are accepted and forwarded to the responsible organisations. What these organisations do with it is beyond the KNAW’s sight and scope.

The KNAW does not respond to reports about trivial vulnerabilities or bugs that cannot be exploited. Below are examples of known vulnerabilities and accepted risks (not exhaustive) that fall outside the scope of the above arrangement:

Our policy is covered by a Creative Commons Attribution 3.0 licence. The policy is based on the example policy of Floor Terra (, the SURF Model Responsible Disclosure and on examples from the university world (University of Twente, Free University, Fontys).