CEPS © 2019

CEPS Event

Software Vulnerabilities Disclosure: The European Landscape

Event is over

Event Agenda

Software today is everywhere: in our smartphones, in our cars, in our offices and at home. However, software is very complex, and the risks that software vulnerabilities pose to critical infrastructures are increasing dramatically.

The disclosure of information about software vulnerabilities is becoming a multifaceted process characterized by: inconsistent vulnerability release practices; unbalanced incentives for software companies caught between improving the security of their products and the need to support national security; great legal uncertainty about the lawfulness of security research into vulnerabilities; a lack of vendor maturity in vulnerability reporting; and the dilemma for government agencies between disclosing zero-day vulnerabilities and retaining them for intelligence purposes.

The lack of codes of conduct for vulnerability research and disclosure is hampering the process of finding and fixing critical vulnerabilities. In Europe the debate on these issues is only beginning, and there is a need to bring together different stakeholders to assess and manage the challenges associated with the vulnerability disclosure process.

The purpose of this workshop is to promote this process through a discussion and the definition of proposals to improve the vulnerability disclosure landscape in Europe.


Timing: 09:30 registration and coffee. Workshop from 10:00 to 15:00. Lunch will be served at 13:00.

Participation in this event is exceptionally free of charge.


Lorenzo Pupillo, CEPS: Origin of the Disclosure Controversy

Jan Neutze, Microsoft: Coordinated Vulnerability Disclosure (CVD)

Ignacio Sanchez, European Commission (JRC): EU zero-day vulnerability management

Jeroen van der Ham, National Cyber Security Centre (NCSC) of the Netherlands: CVD building blocks

Gianluca Varisco, Italian Digital Transformation Team: A National Programme for Responsible Disclosure

Philippe Cotelle, Airbus Defence and Space Insurance Risk Management: Software Vulnerability Exposure, a view from the industry

Allan Friedman, NTIA: US Government Promotion of Private Sector Vulnerability Disclosure

Marietje Schaake, Member of the European Parliament (Video): A need for a joint EU response to mitigate cyber threats

Andriani Ferti: Legal challenges related to software vulnerability disclosure


Discussants & Speakers

Below is our list of speakers and discussants.

Lorenzo Pupillo


Associate Senior Research Fellow and Head of the Cybersecurity@CEPS Initiative


Event Details


Event Address

CEPS Conference Room
Place du Congrès 1 - 1000 Brussels
Event Date

Day 1 - Friday
Anne-Marie Boudou
+32 (0)2 229 39 12