National Coordinated Vulnerability Disclosure (NCVD) Guideline

The Computer Emergency Response Team of Mauritius (CERT-MU) plays a key role in managing cyber incidents, coordinating cybersecurity efforts, and providing advisory services to organisations. Establishing a National Coordinated Vulnerability Disclosure framework will enable CERT-MU to better coordinate vulnerability reporting and mitigation, thereby strengthening the overall cybersecurity posture and cyber resilience of the country.

Objectives of the NCVD

The objective of the NCVD is to establish a structured and trusted framework through which vulnerabilities affecting digital systems and services in Mauritius can be responsibly reported, analysed, and mitigated.

The NCVD aims to:

  • Encourage responsible vulnerability reporting by cybersecurity researchers, organisations, and individuals.
  • Provide a secure and formal channel for vulnerability disclosure.
  • Facilitate timely remediation of vulnerabilities before they are exploited by malicious actors.
  • Strengthen the cybersecurity posture of national digital infrastructure.
  • Promote collaboration between government, private sector organisations, vendors, and the cybersecurity research community.
  • Contribute to the overall cyber resilience of Mauritius.

Before any disclosure, the reporting party should comply with CERT-MU’s Coordinated Vulnerability Disclosure guidelines and ensure that:

  • The reported vulnerability was identified through lawful, authorised, and ethical means.
  • Any unauthorised scanning or testing of the affected system(s) was not conducted
  • The vulnerability has not been exploited for personal or third-party gain.
National Coordinated Vulnerability Disclosure (NCVD) Guideline
Disclose a Vulnerability
Skip to content