guide Guide to Reporting of Security Flaws One of the fundamental prerequisites for the success of the digitalization process is that customers and citizens trust the digital solutions that support the digital Denmark. In other words, good IT security is a decisive factor. The companies and authorities will therefore very much like to hear from you if you become aware of any errors or security flaws in systems that may lead to a security or data breach. All companies and authorities which have adopted the Danish ICT Industry Association Code for Reporting of Security Flaws will strive to manage your notification in accordance with the following guide. We recommend that you study the guide carefully to comply with the parts that concern you as an informer. When to report? You are requested to report immediately when you detect a security flaw which, in your opinion, may lead to the abuse of information that appears by nature to be confidential. An example of this can be if you see infor - mation about other citizens that, in your opinion, you should not be able to see/access. At an overall level, we would like to hear about inadvertent access to personal data or sensitive company in- formation. Such examples include: If you have received or been granted access to other citizens’ personal data If it is possible to change the rights or otherwise access other users’ user accounts/details If you have become aware of vulnerabilities or possible exploits that can be used to access data that are otherwise inaccessible. What do we need to know? In the greatest possible detail, please provide a description of the problem/error you have detected. Your notification should preferably contain the following information: How you became aware of the problem/error What, in your opinion, is the nature of the error/security flaw Where you detected the problem/error/security flaw Screenshots of the problem/error/security flaw. Your contact details. We accept and respect if you request anonymity within the framework of the law, but we urge you to send us your contact details. You may report security flaws in your name or anonymously through the KMD Whistleblower Arrangement. Please find more details on the arrangement here
Download PDF fil