The EU’s implementation process of coordinated vulnerability disclosure (CVD) programmes is taking place in a heterogeneous manner. Yet whereas a few Member States count on strategic approaches for the deployment of CVD programmes, others are progressing at different speeds without following a common EU approach. Likewise, within the co-existence of heterogenous approaches, common challenges have been identified, notably in the economic, legal, technical and policy dimensions.
The objective of this report is twofold. First, to gather evidence related to the latest developments and trends linked to the implementation of CVD programmes in the EU. Second, to thoroughly analyse the current issues faced by public bodies, industry and researchers at the time of deploying CVD programmes in EU Member States. This report also elaborates on the analysis and conclusions provided by the ENISA report: ‘Coordinated Vulnerability Disclosure Policies in the EU’.
This report is also co-authored by Thiago Barbizan, Solène Drugeot, Cristian Michele Tracci from Wavestone and Javier Gomez Prieto, Evangelos Kantas from ENISA.
