This initiative provides a platform to GFCE members to share experiences and lessons learned in cyber security mechanisms for responsible disclosure or coordinated vulnerability disclosure policies and discussions on the broader topic of ethical hacking.

The experience includes the following:

  • Experience in setting up a national framework for Coordinated Vulnerability Disclosure policy;
  • Experience and practical guidelines on how to set up a Coordinated Vulnerability Disclosure policy for public and private organisations;
  • Experience in ethical hacking projects and procedures completed by public and private sector experts within a specified legal framework;
  • Experience in developing ethical hacking capability as a part of a broader process raising cyber resilience in order to embed this for government purpose, i.e. specified for the needs of the public sector, with special regards to classified and unclassified but official (non-public/limited use) systems;
  • Experience in creating the above referred legal concepts, the frameworks, as well as related or necessary policy documents for implementation.

Initiated by the Netherlands, Hungary, Romania and Hewlett Packard and open for others to join.

Responsible Disclosure Initiative (ethical hacking). Hewlett Packard/Hungary/The Netherlands/Romania.

ALBERT KINNEY (HP): Global business and critical infrastructures
are increasingly dependent upon cyberspace.
Hewlett Packard is pleased to join to the GFCE
with the international community of ethical hackers, businesses,
governments and scientists to secure this environment from the chip to the cloud.

ANETT MADI-NATOR (Hungary): Hungary joined the initiative,
because we believe in creating a trusted platform for information sharing.
This is why we want to establish and enhance
responsible information disclosure.
We also have a matching, legal framework to support it,
and we are more than happy to share our experience with other countries.

DANIEL IONITA (Romania): In the context of drafting the law on cybersecurity in Romania
and of an increased need for co-operation in this regard
between the competent authorities and the private sector,
our participation in the Responsible Disclosure Initiative will help
the development of the regulatory and the legislative framework
for the policy for responsible disclosure and the public-private partnership
in Romania and in the region.

Video explaining the Coordinated Vulnerability Disclosure initiative recorded during the Global Conference on Cyberspace 2015 (GCCS2015) in April 2015.