- Cookies that enable provisioning of services you require.
- Cookies that inform NIC.LV about your visit on the website www.nic.lv - your consent is necessary for use of these cookies.
The Network Solutions Department (NIC.LV) of the Institute of Mathematics and Computer Science at the University of Latvia provides top-level domain .lv registry and electronic numbering system services. NIC.LV places special emphasis on the security of its information system and data, and encourages security researchers and other interested parties to report any identified security vulnerability responsibly.
If you have identified a potential vulnerability in NIC.LV services, we encourage you to inform us so that we can assess and remediate it as quickly as possible.
A vulnerability can be reported by:
sending an email to security@nic.lv. We encourage you to use our public PGP key to encrypt and protect the transmitted information.
using the vulnerability disclosure platform –cvd.cert.lv.
A vulnerability report should preferably include:
a description of the vulnerability;
the method of exploiting the vulnerability (if known);
the address of the affected resource (URL);
steps to reproduce the vulnerability;
screenshots or other supporting evidence;
the researcher’s contact information (name, email);
a public PGP key (if available).
We encourage reporting vulnerabilities in NIC.LV services, including but not limited to authentication or authorization flaws, access control issues, data protection and encryption weaknesses, logic errors with potential security impact, vulnerabilities in web interfaces and APIs, as well as any other vulnerabilities that may affect the confidentiality, integrity, or availability of systems.
The reporting mechanism is not intended for:
reporting typographical or content errors;
general questions about services;
customer support requests.
NIC.LV will acknowledge receipt of the report, evaluate the submitted information, and, if necessary, contact the reporter to clarify the provided details. NIC.LV will inform the reporter (hereinafter – the security researcher) about the vulnerability remediation process and will notify them once the vulnerability has been resolved.
If the security researcher wishes, after the vulnerability has been resolved NIC.LV may acknowledge the researcher’s contribution to improving security by providing positive recognition and publicity. No financial rewards are offered for reported vulnerabilities.
NIC.LV encourages security researchers to follow responsible vulnerability disclosure principles and to:
not exploit a vulnerability to access information that does not belong to them;
not obtain, modify, or delete data;
not perform actions that may affect the availability of services (for example, denial-of-service attacks);
not conduct social engineering attacks;
not disclose information about the vulnerability before it has been resolved.
5.1. If a vulnerability is identified in .lv top-level domain resources that are not managed by NIC.LV, we encourage you to check the vulnerability disclosure platform https://cvd.cert.lv:
if a vulnerability disclosure program is registered for the relevant resource, please use that program.
if no program is available, please report the vulnerability in the platform’s ALL section.