Nuon pays much attention to the proper security of its information and communication systems. Despite this, a weak spot may exist or develop: a security vulnerability. Abusing a security vulnerability, or informing third parties about such a vulnerability which could lead to abuse, is illegal.
The National Cyber Security Center of the Dutch Ministry of Security and Justice has made recommendations for reporting and handling security vulnerabilities responsibly. Nuon has adopted these recommendations and adheres to the following responsible disclosure rules.
- Report a (possible) vulnerability to Nuon IT Security by completing the online form. Provide as much information as possible. A report can be made anonymously.
- Do not use the security vulnerability (e.g. by copying or modifying data), do not make it known to third parties; any communication will be coordinated by Nuon.
- If the above conditions have been met, Nuon will not report the intrusion of its systems to the Dutch Public Prosecution Services.
- In the event of a non-anonymous report, Nuon will inform the discloser about Nuon’s approach to resolve the vulnerability and will keep the discloser updated on progress.
- Depending on the degree of seriousness of the security vulnerability and the quality of the report, Nuon may decide to express its appreciation and / or issue public credits to the discloser.
Nuon considers security, reliability and honesty as highly important. This applies to Nuon's activities as an energy company as well as to its role in society. Your honest contribution to increasing safety and reliability is highly appreciated!
Nuon guarantees that it will not attempt to identify an anonymous discloser, provided that the discloser does not use his / her knowledge about the security leak and that the knowledge is not shared with third parties.
