23 March: Expert meeting Responsible Disclosure

News item | 10-03-2016

On Wednesday 23 March GFCE members Hungary, the Netherlands, Rumania and HP organize an expert meeting on Responsible Disclosure in Budapest. The meeting brings together professionals from a range of countries, private sector, academia and tech community to share lessons learned, good practices and challenges on responsible disclosure or coordinated vulnerability disclosure policies and the broader topic of ethical hacking.

Early mitigation of cyber threats

Practice has shown that responsible disclosure policies work and that the vulnerability disclosure process can be controlled, so that the problem is fixed before publication. Cooperation with the ICT community is essential in the collective pursuit of cyber security. Other countries and companies can benefit from introducing such a policy as it increases the trust with the ICT community, and helps to mitigate many threats before they become public. This is the first of two expert meeting which are organized as part of the GFCE Responsible Disclosure Initiative. A second expert meeting is foreseen in autumn 2016. Aim of the initiative is to facilitate a dialogue between relevant parties to report on and share the practical steps they are taking on responsible disclosure as a part of a broader process raising cyber resilience.

Registration Expert Meeting 23 March

GFCE members have been invited by mail to register for this event and have access to a special event website with more detailed information. There might be a small number of seats available for non-members. Please contact the GFCE secretariat if you are interested to participate.


The full program and list of speakers can be consulted here. Purpose of the first meeting is to lay the groundwork by sharing experience on:

  • Setting up a national framework for responsible disclosure policy;
  • Practical guidelines on how to set up a responsible disclosure policy for public and private organizations;
  • Ethical hacking projects and procedures completed by public and private sector experts within a specified legal framework;
  • Developing ethical hacking capability as a part of a broader process raising cyber resilience in order to embed this for government purpose, i.e. specified for the needs of the public sector, with special regards to classified and unclassified but official (non-public/limited use) systems;
  • Creating the above referred legal concepts, the frameworks, as well as related or necessary policy documents for implementation. The outcome of the first meeting will be presented in a summary addressing all above aspects of responsible disclosure and ethical hacking as a part of broader process of raising cyber resilience and aspects explored during the first expert meeting.

Follow up meeting in autumn 2016

A second expert meeting in autumn 2016 will provide an opportunity for the participants to reflect on the first meeting and deliberate on next steps. During the second meeting participants are encouraged to start developing a best practices document or framework document for responsible disclosure and developing ethical hacking capability as a part of a broader process raising cyber resilience.