About #

The example text is a CVD policy for the ficticious company ACME corporation as a compliment to the responsible disclosure guideline published by the Dutch National Cyber Security Centre (NCSC). Before re-using this text, at least change the company name, the email address and the matching PGP key. To make the policy easier to find, it’s recommended to publish it at a standard location (www.example.com/security).

It’s recommended to clearly define the acceptable targets and methods of attack. The example text should be suitable for most organizations, but some organizations might have some concerns that are specific to their product or infrastructure.

Organizations and hackers are encouraged to give feedback on this text. Feedback will be used to improve the text to ensure that this text can be re-used as much as possible,

The example policy is written by Floor Terra and is published with a Creative Commons Attribution 4.0 International license.

Thanks for feedback and discussion: Deloitte, Rickey Gevers, Oscar Koeroo, Ronald Prins (Fox IT), @JeroenSlobbe, NCSC, @WhatSecurity and others.