Coordinated vulnerability disclosure – The government is here to help? – Flash 03 2019

From EuroDIG Wiki


Working title: Coordinated vulnerability disclosure – The government is here to help?

Session teaser

The Netherlands has had an official policy on Coordinated Vulnerability Disclosure (CVD) since 2013, there is an official (free!) ISO standard, and many countries are currently adopting the practice, either officially or unofficially.

In the session we’ll show how the Dutch government helps with CVD and how it supports organisations and researchers through this process, while still keeping a balanced option for legal prosecution.

Session description

The aim of Coordinated Vulnerability Disclosure (CVD) is to improve the security of IT systems by sharing knowledge about vulnerabilities. Owners of IT systems can then mitigate vulnerabilities before these will be actively abused by third parties.

The Netherlands has had an official policy on Coordinated Vulnerability Disclosure since 2013, there is an official (free!) ISO standard, and many countries are currently adopting the practice, either officially or unofficially. In the session we’ll show how the Dutch government helps with CVD and how it supports organisations and researchers through this process, while still keeping a balanced option for legal prosecution.

Coordinated Vulnerability Disclosure pertains to the mechanisms by which vulnerabilities are shared and disclosed in a controlled way. The session provides the necessary insight to political leadership, government policy-makers and other stakeholders to implement the most important elements of a CVD policy. It aims to shape a concerted international approach and to support the establishment of national CVD policies. The emphasis is on software manufacturers, vendors and user organisations, as they are key to a successful CVD policy. It addresses the need to reduce software vulnerabilities as a key concept in strengthening cyber security.

Format


Flashes are a flexible format with no formal session principles applying. They are mostly used for the presentation of a project, product or thesis, or of a controversy, in order to gather feedback from the audience. There is no reporting and no remote participation or transcription support.


Further reading



People

Organiser and Speaker:

  • Marit van Piggelen, National Cyber Security Centre, Netherlands (NCSC-NL)