Responsible Disclosure Policy
The RIPE NCC recognises the importance of keeping our systems and data as secure as possible.
We take security issues seriously and will respond swiftly to fix them.
How to Report a Security Vulnerability
If you believe you have discovered a security vulnerability in the RIPE NCC’s network please:
- Contact our Information Security Officer with your findings
- If you’d like to encrypt your email, you can use our public PGP key
- Provide sufficient information so we can reproduce the problem and resolve the vulnerability as soon as possible (IP address, URL of affected system and any other information)
Please do not exploit the vulnerability you’ve discovered or reveal the problem to others.
How the RIPE NCC Will Handle Your Report
- We will act with urgency and necessary resources to resolve the issue
- We strive to respond to your report within three business days with our evaluation of the report and an expected resolution date
- We will handle your report with strict confidentiality and not pass on your personal details to third parties without your permission
- We will keep you informed of the progress on resolving the problem
- After a major security issue has been solved, we will publish a report on our website explaining the vulnerability discovered and the measures taken to fix it
- If you agree to have your name used in the report, we will credit you as the person that first reported the vulnerability to us