CEPS Task Force on Software Vulnerability Disclosure in Europe

In view of the new EU Cybersecurity Strategy, which underlines the need to create enabling conditions to implement coordinated vulnerability disclosure across member states, CEPS  recently launched Task Force on Software Vulnerabilities Disclosure (SVD) is timely. The Task Force will look at how to devise guidelines for governments and businesses to harmonise the process of handling SVD throughout Europe. Chaired by Marietje Schaake, MEP, the Task Force has a strong representation from the private sector (nine companies), the EU institutions, European governments and civil society. The kick-off meeting on September 27th set the scene and organised the workflow of preliminary activities, which will concentrate on:

  • Implementing a mapping of the Coordinated Vulnerability Disclosure (CVD) models currently in use in Europe.
  • Understanding the current legal constraints in the implementation of a CVD in Europe, through ad hoc analysis of the legal constraints across member states.
  • Testing the feasibility of extending the Dutch model of CVD to other European countries.
  • Involving other national computer emergency response teams in the work of the Task Force.
  • Promoting effective communication of the activities and results of the Task Force.