Cyber Tech Accord promotes the GFCE’s global good practices
Today, 44 technology stakeholders, including GFCE Members Microsoft and Cisco Systems, have signed the Cybersecurity Tech Accord, which endorses the Global Good Practice on Coordinated Vulnerability Disclosure (CVD) developed by the Global Forum on Cyber Expertise (GFCE).
In 2017, over 14500 new vulnerabilities (i.e. flaws in software code or information system) were recorded in 2017, compared with just 6,000 the previous year. The signatories strongly believe in the idea of more transparency through CVD. Tech companies should endorse this approach as a way to minimize cyber risks and improve communication once vulnerabilities are maliciously exploited. Increased transparency takes effort since many stakeholders have different integrity, security and reputational considerations. The Accord recommends organizations to; use existing standards and guidelines, implement the required processes to deal with incoming reports, allocate resources, ensure continuous communication, avoid a ‘one-size-fits all’ policy and provide explanation to legal councils. The GFCE is proud of this commitment and calls on more tech companies to adopt CVD policies.
More information can be found on the Cyber Tech Accord website.