I hacked the Dutch government and all I got was this t-shirt

  • General
  • by Jacob Riggs
  • 04-05-2021
Your vote is:
4.99 of 139 votes

The NCSC-NL (National Cyber Security Centre – Netherlands) sent me a ‘lousy’ t-shirt on behalf of the Dutch government.

Hacked the Dutch government lousy t-shirt

Together with the t-shirt was a thank you letter.

Thank you for bringing a vulnerability to our attention. Together with vulnerability reporters like you we can increase the resilience of Dutch society in the digital domain and better protect our systems and systems of our partners.

This was a pleasant response to receive and illustrates a far better approach to engaging with ethical hackers than traditional threats of prosecution.

However, there’s been some past controversy within the security community on whether this type of reward disincentivises ethical hacker participation by undermining the value inherent in VDP and bug bounty programs. Some argue that the effort researchers need to invest in helping to find and responsibly report vulnerabilities to government organisations far outweighs the level of compensation value these novelty rewards are worth.

My view is that expectations should be managed realistically, and maybe the focus should shift away from pursuing personal gain to instead encouraging wider public sector adoption of better security practices. I’m happy with my t-shirt and appreciate the efforts the NCSC-NL went to. It’s certainly a better response than some of the other governments I’ve reported vulnerabilities to.


Jacob Riggs

Jacob Riggs is a senior cyber security professional based in the UK with over a decade of experience working to improve the cyber security of various private, public, and third sector organisations. His contributions focus on expanding encryption tools, promoting crypto-anarchist philosophy, and pioneering projects centred on leveraging cryptography to protect the privacy and political freedoms of others.

E3FE 4B44 56F5 69BE 76C1 E169 E3C7 0A52 9AEF DB6F

Subscribe to my Blog

I agree with the Privacy Policy terms.