CEPS, as part of the Cybersecurity@CEPS Initiative, will launch a Task Force on "Software Vulnerability Disclosure in Europe" on September 27th.
For decades, the issue of SW vulnerability disclosure has been the subject of a lively debate in the information security arena. Recent events, however, have created a new sense of urgency on this issue. The ransomware attacks from Wannacry took advantage of a vulnerability in Microsoft software discovered by the National Security Agency (NSA) and leaked by a group of hackers called Shadow Brokers. Such incidents raise the attention on the widespread activity of stockpiling vulnerabilities by national intelligence agencies around the world. Moreover, with the development of the Internet of Things and billions of devices connected to the internet, the attack surface is becoming broader and the impact of vulnerabilities will be even greater, thereby increasing the risks to critical infrastructure.
The CEPS Task Force on SW Vulnerability Disclosure in Europe will look at key aspects of the debate on this issue with the purpose of defining guideline to harmonize the process of Coordinated Vulnerability Disclosure (CVD) in Europe. The Task force will then outline specific principles for member states for the development of a European vulnerability equity process (VEP) with clear priority given to reporting vulnerabilities to vendors.
Please
click here to download the Task Force Prospectus.
If you are interested in joining this CEPS Task Force, please fill in and return this registration form via e-mail by September 26.