Belgium Is Unsafe for CVD


This post is about the reason I will probably never try to warn any organisation in Belgium about any vulnerability again. Recently I have been dealing with an attempt at coordinated vulnerability disclosure (CVD) with an organisation in Belgium. This post is not about that, because I’m not allowed to write about it. This post explains why I believe Belgium is unsafe for people trying to do CVD. I believe it’s important to warn others so that they know what to expect and can decide for themselves.

For example, when the vulnerability is of a new type (it rarely is) it helps others to learn how to find similar issues in other systems, how to design detections or preventative measures to safeguard against exploitation, etc. It took me a couple of minutes to take a single screenshot that contains all context needed to reproduce the vulnerability and send a private message on X to someone I know who works at the affected organisation. A couple of weeks later I got a response: They give me permission to publicly communicate in the abstract sense that the concept of “Business Logic Errors” as defined by the CWE exists.
