23 Years of Security Advisories: Past, Present, and Future at the Dutch NCSC (WHY2025)

For over 23 years, the Dutch National Cyber Security Centre (NCSC) and its predecessors - GOVCERT.NL and CERT-RO - have been publishing security advisories to help protect Dutch digital infrastructure. Over the decades, this advisory service has evolved significantly in scope, scale, and approach. From the tooling and processes used, to the volume of vulnerabilities handled, the format of our advisories, and our audience - nearly every aspect of our work has changed and keeps changing. This presentation will explore the history and development of the NCSC-NL security advisory service, reflecting on key milestones and lessons learned along the way. We will then look forward, discussing how the service is adapting to current challenges and future demands, most notably automation. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/G8AJKY/