Embedded Files
Organization: DIVD (Dutch Institute for Vulnerability Disclosure)
Location: Remote
Commitment: 4–8 hours per week, voluntary work
About DIVD
The Dutch Institute for Vulnerability Disclosure (DIVD) is a non-profit organization dedicated to making the digital world safer by responsibly disclosing vulnerabilities. As a CVE Numbering Authority (CNA), we are authorized by the CVE Program to assign and publish CVE identifiers. This position specifically focuses on smart energy devices, an increasingly critical part of modern infrastructure.
DIVD aims to be an open and inviting organization for everyone. We believe it is essential that everyone can join us and feel welcome and safe, regardless of their sexual orientation, gender identity or expression, religious beliefs, or political preference. If you are already part of the hacker community, you may know neurodiversity is included in the package.
Your role
We are seeking a CNA Administrator to help us manage the assignment and publication of CVE IDs within our scope. In this role, you will support the responsible disclosure of vulnerabilities in smart energy technologies by ensuring they are correctly documented, tracked, and published in the global CVE system. This is a voluntary role, ideal for someone passionate about cybersecurity, vulnerability management, and contributing to the public good.
What you will be doing
Review, validate, and process vulnerability reports (including Proof of Concepts) submitted to DIVD within the smart energy device scope.
Assign CVE IDs according to CVE Program rules and DIVD procedures.
Coordinate with researchers, vendors, and the wider security community to ensure accurate and responsible vulnerability disclosure.
Draft and publish CVE Records.
Maintain accurate records of assigned CVEs, ensuring consistency and compliance with CNA requirements.
Collaborate with other DIVD team members and contribute to improving CNA processes.
The things you bring
Resident of the Netherlands (due to CVD jurisprudence and insurance)
Ability to analyse technical reports and proof of concepts.
Strong attention to detail and ability to follow structured processes.
Good written communication skills in English.
Ability to work independently and manage a small, steady workload.
Experience with Github.
Experience with Coordinated Vulnerability Disclosure and the communication tactics belonging to this process.
Familiarity with classifying vulnerabilities (CWE and CVSS).
(Preferred) Familiarity with CVE Program processes, vulnerability databases, or incident response.
What's in it for you
A chance to contribute directly to global cybersecurity efforts.
Experience working with an official CVE Numbering Authority.
Collaboration with a motivated team of volunteers.
Opportunities to learn and grow in vulnerability management, smart energy security, and responsible disclosure.
Recognition of your contributions to improving digital safety.
Being part of an awesome community
We welcome applications from people of all backgrounds who share our mission to make the digital world safer.
Page updated
Report abuse