Coordinated Vulnerability Disclosure

CVD is a platform to GFCE members to share experiences and lessons learned in cyber security mechanisms for responsible disclosure or coordinated vulnerability disclosure policies and discussions on the broader topic of ethical hacking. Coordinated Vulnerability Disclosure (CVD) pertains to the mechanisms by which vulnerabilities are shared and disclosed in a controlled way.

It provides the necessary insight to political leadership, government policy-makers and other stakeholders to implement the most important elements of a CVD policy. It aims to shape a concerted international approach and support establishment of national CVD policies. The emphasis is on software manufacturers, vendors and user organisations as they are key to a successful CVD policy. It addresses the need of reducing software vulnerabilities as a key concept in strengthening cyber security

By its Memorandum on Good Practices, the initiative will offer a guide for the main stakeholders (governments, organizations, vendors, research community, ‘ethical hackers’, legal sector, national CSIRTs) on how to approach the procedure of reporting in a coordinated manner a vulnerability and improve cybersecurity.

Deliverables

• Global Good Practices – Coordinated Vulnerability Disclosure (CVD)

Expected outcomes

• CVD policy at national level in Romania

Relevant documents

• Manifesto

Initiated by the Netherlands, Hungary, Romania and open for others to join.