CEPS © 2019

Task Force Report

Software Vulnerability Disclosure in Europe

Technology, Policies and Legal Challenges

by Lorenzo Pupillo / Afonso Ferreira / Gianluca Varisco
28 June 2018

This report puts forward the analysis and recommendations for the design and implementation of a forward-looking policy on software vulnerability disclosure (SVD) in Europe. It is the result of extensive deliberations among the members of a Task Force formed by CEPS in September 2017, including industry experts, representatives of EU and international institutions, academics, civil society organisations and practitioners.

Drawing on current best practices throughout Europe, the US and Japan, the Task Force explored ways to formulate practical guidelines for governments and businesses to harmonise the process of handling SVD throughout Europe. These discussions led to policy recommendations addressed to member states and the EU institutions for the development of an effective policy framework for introducing coordinated vulnerability disclosure (CVD) and government disclosure decision processes (GDDP) in Europe.

Lorenzo Pupillo is Associate Senior Research Fellow at CEPS. Afonso Ferreira is Directeur de Recherche at the Centre national de la recherche scientifique (CNRS), and Gianluca Varisco is a Cybersecurity Expert with the Italian Digital Transformation Team. All three authors served as rapporteurs for the Task Force, which was chaired by Marietje Schaake, Member of the European Parliament.

