New CEPS Task Force on Software Vulnerability Disclosure in Europe

As part of the Cybersecurity@CEPS Initiative, CEPS is launching a Task Force on Software Vulnerability Disclosure in Europe on September 27th. Although software vulnerability disclosure has been the subject of a lively debate in the information security arena for several decades, recent events have created a heightened sense of urgency around this issue. The WannaCry ransomware attacks took advantage of a vulnerability in Microsoft software discovered by the US National Security Agency (NSA) and leaked by a group of hackers called Shadow Brokers. Such incidents are drawing attention to the widespread stockpiling of vulnerabilities by national intelligence agencies around the world. Moreover, with the development of the Internet of Things and billions of devices connected to the internet, the attack surface is becoming broader and the impact of vulnerabilities will be even greater, thereby increasing the risks to critical infrastructure.

The new CEPS Task Force on Software Vulnerability Disclosure in Europe will look at key aspects of the debate on this issue with the aim of defining guidelines to harmonise the process of Coordinated Vulnerability Disclosure (CVD) in Europe. The Task Force will then outline specific principles for member states to follow in developing a European vulnerability equity process (VEP), with clear priority given to reporting vulnerabilities to vendors.

The Task Force will be chaired by Marietje Schaake, Member of the European Parliament. Schaake recently established the Intergroup on the Digital Agenda for Europe, in which fellow MEPs work together on a cross-party, cross-nationality basis to strengthen the Digital Agenda for Europe.
