28 Jun 2018

Software Vulnerability Disclosure in Europe

Technology, Policies and Legal Challenges

Lorenzo Pupillo / Afonso Ferreira / Gianluca Varisco


This report puts forward the analysis and recommendations for the design and implementation of a forward-looking policy on software vulnerability disclosure (SVD) in Europe. It is the result of extensive deliberations among the members of a Task Force formed by CEPS in September 2017, including industry experts, representatives of EU and international institutions, academics, civil society organisations and practitioners.

Drawing on current best practices throughout Europe, the US and Japan, the Task Force explored ways to formulate practical guidelines for governments and businesses to harmonise the process of handling SVD throughout Europe. These discussions led to policy recommendations addressed to member states and the EU institutions for the development of an effective policy framework for introducing coordinated vulnerability disclosure (CVD) and government disclosure decision processes (GDDP) in Europe.

Lorenzo Pupillo is Associate Senior Research Fellow at CEPS. Afonso Ferreira is Directeur de Recherche, Centre national de la recherche scientifique (CNRS), and Gianluca Varisco is a Cybersecurity Expert with the Italian Digital Transformation Team. All three authors served as rapporteurs for the Task Force, which was chaired by Marietje Schaake, Member of the European Parliament.
