2025-08-09 –, Andromeda
Language: English
For over 23 years, the Dutch National Cyber Security Centre (NCSC) and its predecessors - GOVCERT.NL and CERT-RO - have been publishing security advisories to help protect Dutch digital infrastructure. Over the decades, this advisory service has evolved significantly in scope, scale, and approach. From the tooling and processes used, to the volume of vulnerabilities handled, the format of our advisories, and our audience - nearly every aspect of our work has changed and keeps changing.
This presentation will explore the history and development of the NCSC-NL security advisory service, reflecting on key milestones and lessons learned along the way. We will then look forward, discussing how the service is adapting to current challenges and future demands, most notably automation.
I got my start in IT security back in the summer of 2003 - just a few days in, I wrote my first security advisory for the Dutch government. Fast forward 22 years and a whole bunch of security projects later, I’m now the product owner of the vulnerability team at NCSC-NL. In this talk, I’ll share how our security advisory service at NCSC-NL got off the ground, how it’s evolved over the years, and where we’re heading next.