"Digitaal Vlaanderen" is the IT and digital transformation departement within the Flanders’ governmental IT. Positioned as the digital gateway and data broker between all Flemish government entities, we want to be at the top of our game. Our security ought to be too. For this program we are focusing at first instance on some of our main assets.
This is a responsible disclosure program without bounties.
By participating in this program, you agree to:
All and any subsites of https://www.vlaanderen.be,
-for which authentication is not needed
-for which creation of account(s) is not needed
For some subsites, a government entity other than Digitaal Vlaanderen may be responsible. We can accept the disclosed vulnerability and relay the issue to the concerned entity, yet we then cannot guarantee they will (be able to) fix it.
Authenticated demo environment for the widget platform. The website itself is just an illustrative example and should not be tested.
Unauthenticated demo environment for the widget platform. The website itself is just an illustrative example and should not be tested.
This program follows Intigriti's contextual CVSS standard
Where can we get credentials for the app?
You can log on via https://burgerprofiel.beta-vlaanderen.be by clicking on "Meld u aan". This will redirect you to https://beta.openid.burgerprofiel.dev-vlaanderen.be/ . Here you need to select an INSZ (= the account) and click on "Login". Multiple testing accounts are available.
Will you get recognition for relaying vulnerabilities?
We will create a section on our website, where we can mention your name or alias and the number of vulnerabilities you relayed to us.
For obvious reasons we can only allow submissions or applications for our program with a valid Intigriti account.
It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.
