28 Jun 2018

Software Vulnerability Disclosure in Europe

Technology, Policies and Legal Challenges

Lorenzo Pupillo / Afonso Ferreira / Gianluca Varisco


This report puts forward the analysis and recommendations for the design and implementation of a forward-looking policy on software vulnerability disclosure (SVD) in Europe. It is the result of extensive deliberations among the members of a Task Force formed by CEPS in September 2017, including industry experts, representatives of EU and international institutions, academics, civil society organisations and practitioners.

Drawing on current best practices throughout Europe, the US and Japan, the Task Force explored ways to formulate practical guidelines for governments and businesses to harmonise the process of handling SVD throughout Europe. These discussions led to policy recommendations addressed to member states and the EU institutions for the development of an effective policy framework for introducing coordinated vulnerability disclosure (CVD) and government disclosure decision processes (GDDP) in Europe.

Lorenzo Pupillo is Associate Senior Research Fellow at CEPS. Afonso Ferreira is Directeur de Recherche, Centre national de la recherche scientifique (CNRS), and Gianluca Varisco is a Cybersecurity Expert with the Italian Digital Transformation Team. All three authors served as rapporteurs for the Task Force, which was chaired by Marietje Schaake, Member of the European Parliament.
