At Vrije Universiteit Amsterdam we regard the security of our systems very important. In spite of our care for security, it is still possible that there are vulnerabilities. If you find a weak spot in one of our systems, we are eager to cooperate with you in order to better protect our users and systems.
No invitation for active scanning
The fact that we have a policy for coordinated vulnerability disclosure is by no means an invitation to actively scan our systems for weak spots. We carefully monitor the network ourselves.
During your investigation it could be possible that you take actions that are prohibited by law. If you follow the conditions given in this agreement, we will not take legal action against you. The Dutch Public Prosecution Service will, however, never forfeit their right to investigate and prosecute unlawful actions and have published a policy paper [in Dutch] on the matter.