Event is over

Software Vulnerabilities Disclosure: The European Landscape

CEPS Conference Room
Place du Congrès 1 - 1000 Brussels

Participation in this event is exceptionally free of charge.

CEPS Event

Software Vulnerabilities Disclosure: The European Landscape


Software today is everywhere: in our smartphones, in our cars, in our offices and at home.However, software is very complex and the risks for the critical infrastructures related to software vulnerabilities are increasing dramatically.

The disclosure of information related to software vulnerabilities is becoming a multifaceted process characterized by: inconsistent vulnerability release practices, unbalanced incentives for software companies captured between improving security of their products and the needs to support national security, great legal uncertainty  about the lawfulness of  security research for vulnerabilities, lack of vendor maturity for vulnerability reporting and the dilemma for government agencies between disclose zero-days vulnerabilities or retain them for intelligence purposes. 

The lack of codes of conduct for vulnerability research and disclosure is hampering the process of finding and fixing critical vulnerabilities. In Europe the debate on these issues is at the beginning and there is the need to bring together different stakeholders to assess and manage the challenges associated with the vulnerability disclosure process.

The purpose of this workshop is to promote this process through a discussion and the definition of proposals to improve the vulnerability disclosure landscape in Europe.

Please click here for full agenda and click here for speakers' short biographies

Timing : 09:30 Registration + coffee.  Workshop from 10:00 to 15:00?. Lunch will be served at 13:00.

Participation in this event is exceptionally free of charge.


Lorenzo Pupillo, CEPS: Origin of the Disclosure Controversy

Jan Neutze, Microsoft: Coordinated VulnerabilityDisclosure (CVD)

Ignacio Sanchez, European Commission (JRC): EU zero-day vulnerability management

Jeroen van der Ham, National Cyber Security Centre (NCSC) of the Netherlands: CVD building blocks

Gianluca Varisco, Italian Digital Transformation Team: A National Programme for Responsible DIsclosure

Philippe Cotelle, Airbus Defence and Space Insurance Risk Management: Software vulnerability Exposure a view from the industry

Allan Friedman, NTIA: US Government Promotion of Private Sector Vulnerability Disclosure

Marietje Schaake, Member of European Parlament (Video): A need for a joint EU reponse to mitigate cyber threats

Andriani Ferti: Legal challenges related to software vulnerability disclosure

Lorenzo Pupillo Lorenzo Pupillo
Lorenzo Pupillo

Associate Senior Research Fellow and Head of the Cybersecurity@CEPS Initiative