How can national policies support the development and implementation of coordinated vulnerability disclosure?

Valéry Vander Geeten
Valéry Vander Geeten: Centre for Cybersecurity Belgium (CCB), Belgium

Cyber Security: A Peer-Reviewed Journal, 2024, vol. 7, issue 3, 253-261

Abstract: Every computer system or network may contain vulnerabilities. Therefore, vulnerability handling and disclosure are key elements of the cyber security technical, operational and organisational risk management measures of every organisation that develops or administers network and information systems. Coordinated vulnerability disclosure (CVD) policy or bug bounty can enable organisations to work together with well-intentioned people (ethical hackers) who look for and report vulnerabilities. The fear of being sued or the limited scope of the CVD can prevent such a collaboration. In the context of the implementation of the NIS2 directive, member states of the European Union will have to address the challenges posed by CVD processes. As a first attempt, Belgium has already adopted a national policy which includes a legal framework protecting vulnerability reporters and a coordinator role for its national computer security incident response team (CSIRT).

Keywords: cyber security; coordinated vulnerability disclosure; ethical hacking; vulnerability management
JEL-codes: M15
Date: 2024
Downloads: (external link)
https://hstalks.com/article/8273/download/ (application/pdf)
https://hstalks.com/article/8273/ (text/html)
Requires a paid subscription for full access.

Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2024:v:7:i:3:p:253-261

More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks.

 
Page updated 2025-03-19
Handle: RePEc:aza:csj000:y:2024:v:7:i:3:p:253-261