Coordinating vulnerability disclosures
dcypher Symposium 2019 connecting cybersecurity knowledge – enterprises - policies
Time: 11:30 – 12:45
Room: Flash (80)
Language: Dutch
Chaired by Chris van 't Hof
Coordinating vulnerability disclosures: a new knowledge institute
The Netherlands is champion in Coordinated Vulnerability Disclosure. Supported by the NCSC CVD guideline many security researchers scan the internet for vulnerabilities and report these to the people who they believe should fix them. Still, they struggle with the legal, ethical and organisational bounderies of their efforts. The Dutch Institute for Vulnerability Disclosure (DVID) provides them a platform to collect, evaluate, combine and file vulnerability reports, while serving as a firewall against lawyers, journalists and recruiters. Meanwhile, the institute generates a valuable knowledgebase for statistics and case based reasoning.
Presentations
- Vulnerabilities
Victor Gevers, DIVD
- Case Study CVE-2019-11510 Unsolicited vulnerability reporting in practice
dr. Matthijs Koot, Secura
- Dutch initiative securitymeldpunt.nl
Frank Breedijk, CISO Schuberg Philis (about initiatve securitymeldpunt.nl)
This session is organised in close cooperation with the Dutch Institute for Vulnerability Disclosure (DIVD)