Digital Flanders Vulnerability Disclosure Program

In Scope

• *.vlaanderen.be web bounty-eligible
• https://beta.gastwebsite-acm.burgerprofiel.ext-vlaanderen.be web bounty-eligible
• https://beta.gastwebsite.burgerprofiel.ext-vlaanderen.be web bounty-eligible
• https://beta.widgets.burgerprofiel.dev-vlaanderen.be/ web bounty-eligible
• https://burgerprofiel.beta-vlaanderen.be web bounty-eligible
• https://vo-gebruikersbeheer.vlaanderen.be web bounty-eligible

Out of Scope

Third-party/vendor-operated services (DV cannot authorize testing on systems not owned or operated by us)., Newly onboarded systems may have a blackout window (up to six months)., bibis*.vlaanderen.be, cdn.vlaanderen.be, codex.opendata.api.vlaanderen.be, ets*.omgeving.vlaanderen.be, https://www.vlaanderen.be/aanmelden/help/mail.html (and ?*), https://www.vlaanderen.be/vlaamse-overheid/contact/stuur-een-e-mail, natura2000.vlaanderen.be, - opibus*.onderwijs*.vlaanderen.be