Towards a Memorandum on Coordinated Vulnerability Disclosure

News item | 11-11-2016

On Thursday 10 November, the second Expert Meeting of the Coordinated Vulnerability Disclosure initiative took place in Bucharest, which was hosted by the Ministry of Foreign Affairs. Romania, Hungary, HP and the Netherlands are the GFCE members who launched this initiative in 2015.

Fruitful Expert Meeting in Bucharest

The purpose of this Expert Meeting was to build on the outcomes of a meeting, held earlier this year in Budapest. One of the results of the meeting was the presentation of a tool provided by way of the Manifesto, establishing a good practice for organizations, a guide which helps them to implement their own coordinated vulnerability disclosure. The Manifesto shows to be a great example of public private partnership.

In Bucharest several panel discussions took place on topics as:

• the challenges in setting up a national framework for coordinated vulnerability disclosure policy;
• addressing the technical and legal aspects of barriers of implementing coordinated vulnerability disclosure;
• integrating vulnerability disclosure management into business processes;
• how to integrate lessons learned of organizations and develop vulnerability disclosure guidelines;

Following these discussions the next steps were agreed on, covering the following elements:

• Development of a draft Memorandum on Coordinated Vulnerability Disclosure in the coming months with the aim to be endorsed in 2017 by the GFCE members as well as at the GCCS 2017.
• Promoting the importance of Coordinated Vulnerability Disclosure during conferences and high level meetings;
• Strengthening of the CVD Network;
• Organizing training workshops in various regions.

A more detailed report of this Expert Meeting in Bucharest will be published shortly on the GFCE website.