
Belgian CVD is deeply broken


After discovering a flaw in the login system of a major Belgian bank, I tried to report it through Belgium’s official vulnerability disclosure channels. Instead of support, I faced suspicion, bureaucracy, and resistance, from both the bank and the Centre for Cybersecurity Belgium. This post explores how Belgium’s CVD system is fundamentally broken, and what needs to change.

Article 23 then lists a bunch of conditions which, if followed, grant vulnerability reporters legal immunity from certain computer-related crimes (think proper “hacking”). One key element of this mechanism is the use of a visual icon challenge during the authentication process, shown when the trust level of the session is considered low (e.g., from an unrecognized browser or device). The CCB should develop a stronger understanding of hacker and bug bounty culture, and improve its ability to identify and assess relevant vulnerability reports.
