Title Software Vulnerability Disclosure in Europe
Subtitle Technology, Policies and Legal Challenges
Author Lorenzo Pupillo, Afonso Ferreira, Gianluca Varisco
ISBN 9789461386878
List price USD 20.00
Price outside India Available on Request
Original price
Binding Paperback
No of pages 112
Book size 153 x 229 mm
Publishing year 2018
Original publisher Brookings Institution Press
Published in India by .
Exclusive distributors Viva Books Private Limited
Sales territory India, Sri Lanka, Bangladesh, Pakistan, Nepal
Status New Arrival

Description:

Cybersecurity is a hot topic of debate in today’s policy circles. The abuse of software vulnerabilities is a growing concern that needs to be urgently addressed with better solutions, as increasing numbers of devices and people are connected to the internet every day. This CEPS Task Force report offers the first comprehensive account of the various measures EU member states are taking to counter these challenges. Drawing on current best practices throughout Europe, the US and Japan, the Task Force explored ways to formulate practical guidelines for governments and businesses to harmonise the process of handling SVD throughout Europe. These discussions led to policy recommendations addressed to member states and the EU institutions for the development of an effective policy framework for introducing coordinated vulnerability disclosure (CVD) and government disclosure decision processes (GDDP) in Europe.

This report puts forward the analysis and recommendations for the design and implementation of a forward-looking policy on software vulnerability disclosure (SVD) in Europe. It is the result of extensive deliberations among the members of a Task Force formed by CEPS in September 2017, including industry experts, representatives of EU and international institutions, academics, civil society organisations and practitioners.


Contents:

Foreword

Preface

Executive Summary

CVD Policy

Policy Recommendations from the Task Force

Part I: Coordinated Vulnerability Disclosure in Europe

Chapter 1: Introduction • Background • Some definitions • What is vulnerability disclosure? • Coordinated vulnerability disclosure • Actors in CVD • Phases of CVD • Bug bounty programs • Special cases of CVD • Multiparty CVD • Forever day vulnerabilities • Future issues in CVD

Chapter 3: State of play in CVD, by country • CVD within member states • Case studies of CVD in selected EU member states • The Netherlands • Latvia • Case studies of CVD outside the EU • United States • Japan

Chapter 4: Legal challenges from software vulnerability disclosure in the EU • Circumstances in which disclosure of software security vulnerability is advantageous • Legal challenges in relation to software vulnerability disclosure and the relevant legislative framework • Criminal law • Data protection law • Industrial property • Copyright • Trade secrets • Patents • Trademarks • Export control regulation • Conclusion

Chapter 5: Policy implications

Chapter 6: Recommendations for implementing CVD in Europe • Introduction • Opportunity cost • What can be done at EU level? • EU legislation • Amending Directive 2013/40/EU on attacks against information systems to support CVD • Protection of security researchers • Incentives for security researchers • Directive on security of network information systems • General Data Protection Regulation • Cybersecurity Act • Software vulnerabilities in durable goods • National legislation • National non-legislative activities • Framework Programme for Research and Innovation

Part II: Government Disclosure Decision Processes

Chapter 7: Government Disclosure Decision Processes • GDDP in Europe • The US experience with GDDP • Recommendations for establishing GDDP in the EU

Part III: Conclusions and Recommendations

Chapter 8: Conclusions: It is time to act • CVD policies • Recommendations for the implementation of CVD in Europe • EU legislation • National legislation • EU research funding • Recommendations to implement GDDP in Europe

Annex I. List of Task Force Members and Invited Guests and Speakers

Annex II. Timeline of the US Government’s Vulnerabilities Equities Process


About the Editors:

Lorenzo Pupillo is Associate Senior Research Fellow at CEPS.

Afonso Ferreira is Directeur de Recherche CNRS.

Gianluca Varisco is a Cybersecurity Expert with the Italian Digital Transformation Team.


Target Audience:

People interested in Cyber Security.

 

 
Special prices are applicable to the authorised sales territory only.
Prices are subject to change without prior notice.