Software Vulnerabilities Disclosure: The European Landscape

Software today is everywhere: in our smartphones, in our cars, in our offices and at home. However, software is very complex, and the risks that software vulnerabilities pose to critical infrastructure are increasing dramatically.

The disclosure of information related to software vulnerabilities is becoming a multifaceted process characterized by: inconsistent vulnerability release practices; unbalanced incentives for software companies, caught between improving the security of their products and the need to support national security; great legal uncertainty about the lawfulness of security research into vulnerabilities; a lack of vendor maturity in vulnerability reporting; and the dilemma government agencies face between disclosing zero-day vulnerabilities and retaining them for intelligence purposes.

The lack of codes of conduct for vulnerability research and disclosure is hampering the process of finding and fixing critical vulnerabilities. In Europe, the debate on these issues is just beginning, and there is a need to bring together different stakeholders to assess and manage the challenges associated with the vulnerability disclosure process.

The purpose of this workshop is to promote this process through a discussion and the definition of proposals to improve the vulnerability disclosure landscape in Europe.

Timing: 09:30 registration and coffee. Workshop from 10:00 to 15:00. Lunch will be served at 13:00.

Participation in this event is exceptionally free of charge.

 

Presentations:

Lorenzo Pupillo, CEPS: Origin of the Disclosure Controversy

Jan Neutze, Microsoft: Coordinated Vulnerability Disclosure (CVD)

Ignacio Sanchez, European Commission (JRC): EU zero-day vulnerability management

Jeroen van der Ham, National Cyber Security Centre (NCSC) of the Netherlands: CVD building blocks

Gianluca Varisco, Italian Digital Transformation Team: A National Programme for Responsible Disclosure

Philippe Cotelle, Airbus Defence and Space Insurance Risk Management: Software vulnerability exposure: a view from the industry

Allan Friedman, NTIA: US Government Promotion of Private Sector Vulnerability Disclosure

Marietje Schaake, Member of the European Parliament (video): A need for a joint EU response to mitigate cyber threats

Andriani Ferti: Legal challenges related to software vulnerability disclosure

 

Friday, 23 June 2017, 10:00-15:00

Chair

Lorenzo Pupillo
Associate Senior Research Fellow & Head of the Cybersecurity@CEPS Initiative

CEPS Conference Room

Place du Congrès 1 - 1000 Brussels