In recent years, more and more emphasis has been put on the importance of good preventative cyber security and vulnerability management techniques such as "Patch Tuesday".
Despite the increased importance, not all organisations have the same resources and knowledge when it comes to securing their networks against cyber adversaries.

This research tries to examine the vulnerability posture of Dutch municipal ICT networks.
To accomplish this a network ranges dataset was curated using open source intelligence techniques.
These networks, related to current and previous Dutch municipalities, have been used to collect network data scans and observe the changes in software products and versions.
Based on the data collected we can observe the software update moments for different organisations and analyse how often software products are kept up to date.
Using this network scan data and a subset of open-source products, we were able to construct a case study analysis about the general trends of vulnerability management and the influencing factors thereof.
This was done through timeline analysis, involving also software update releases, security advisories, and publicly disclosed vulnerability exploits.
Our findings show uncoordinated strategies within the different organisations and rare proactive security behaviour.

Another contribution of this study is in the sphere of reconnaissance and open source intelligence gathering, showing that publicly available information alone is a time-consuming procedure that renders very few useful data points.
These later findings have implications for both adversaries as well as security organisations, as reliable data could only be obtained through direct contact with the underlying municipality.

Raccoon Serious Games develops and hosts educational activities such as escape room events and serious games. They create both physically- and digitally-based escape rooms across many different scales. These events consist of a variety of puzzles and tasks the player(s) have to solve in order to finish or `escape' the event. For their digitally hosted events, the Massive Online Reactive Serious Escape 2.0 (MORSE) system is used for creation and configuration of the needed underlying rules of the event. The system uses the `If This Then That' (IFTTT) principle for creating rules, where a trigger activated by the player/game can initiate a check about the state of the game which then results in an action by the game. In MORSE the user (usually the game host) can choose from the multiple types of triggers, conditions, and actions to create logical statements in the IFTTT format. These statements together form the rules of the game. This system, although a good improvement over the previously hard-coded procedure, has proven unintuitive to program for most of the employees at Raccoon Serious Games. The IFTTT format used is unwieldy to work with for the designers, who have little to no programming background. Furthermore this existing system provides no overview of the rules system making it challenging to visualise the whole game and its dynamics. To solve the unintuitive nature of MORSE, our team designed and developed Feather: A graph-based visual editing tool that is integrated into MORSE. It can generate rule and ruleset logic needed for the client's escape events. It uses visual components and presents the user with a graph of the whole game during the design process. The editor can be used together with all other, earlier existing, features for creating rulesets of the MORSE system. This tool has most of the functionality the current system has, with the possibility of easily extending it with new components. The product was built as an addition to MORSE over the course of 10 weeks. In the initial part of the project a thorough research was performed on the needs of the client as well as useful resources or libraries and design practices for domain specific visual languages. The second part of the project was devoted to the design and implementation of the tool. Throughout the duration of the project a number of user tests were conducted with the employees at Raccoon Serious Games to assess the understanding and usability of the product.