Towards a Memorandum on Coordinated Vulnerability Disclosure

On Thursday 10 November, the second Expert Meeting of the Coordinated Vulnerability Disclosure initiative took place in Bucharest, which was hosted by the Ministry of Foreign Affairs. Romania, Hungary, HP and the Netherlands are the GFCE members who launched this initiative in 2015.

Fruitful Expert Meeting in Bucharest

The purpose of this Expert Meeting was to build on the outcomes of a meeting, held earlier this year in Budapest. One of the results of the meeting was the presentation of a tool provided by way of the Manifesto, establishing a good practice for organizations, a guide which helps them to implement their own coordinated vulnerability disclosure. The Manifesto shows to be a great example of public private partnership.

In Bucharest several panel discussions took place on topics as:

  • the challenges in setting up a national framework for coordinated vulnerability disclosure policy;
  • addressing the technical and legal aspects of barriers of implementing coordinated vulnerability disclosure;
  • integrating vulnerability disclosure management into business processes;
  • how to integrate lessons learned of organizations and develop vulnerability disclosure guidelines;

Following these discussions the next steps were agreed on, covering the following elements:

  • Development of a draft Memorandum on Coordinated Vulnerability Disclosure in the coming months with the aim to be endorsed in 2017 by the GFCE members as well as at the GCCS 2017.
  • Promoting the importance of Coordinated Vulnerability Disclosure during conferences and high level meetings;
  • Strengthening of the CVD Network;
  • Organizing training workshops in various regions.

A more detailed report of this Expert Meeting in Bucharest will be published shortly on the GFCE website.        

CVD expert meeting november 2016

From left to right: Augustin Jianu (General Director, National CSIRT - CERT-RO); Petra Nijenhuis-Timmers (Coordinating Policy Officer, Ministry of Foreign Affairs Task Force Cyber, the Netherlands); Jeroen van der Ham (Researcher, NCSC-NL); Szilvia Tóth (Coordinator for Cyber Issues, Ministry of Foreign Affairs and Trade of Hungary); Miheala-Ionelia Popescu (Diplomatic Counselor, MFA Contact Point on Cyber Security Romania); Dr. Zoltan Rajnai (National Cyber Coordinator, Hungary).