Coordinated Vulnerability Disclosure policies in the EU – ENISA

Vulnerability disclosure has become the focus of attention of cybersecurity experts engaged in strengthening the cybersecurity resilience of the European Union. The valid source of concern comes from the cybersecurity threats looming behind vulnerabilities, as demonstrated by the impact of the Log4Shell vulnerability.

Security researchers and ethical hackers constantly scrutinise ICT systems - both open source and commercial closed source software - to find weaknesses, misconfigurations, software vulnerabilities, etc. A wide range of issues are thus revealed: weak passwords, fundamental cryptographic flaws or deeply nested software bugs.

Identifying vulnerabilities is therefore essential if we want to prevent attackers from exploiting them. It is important to consider that attackers can always develop malware specially designed to exploit vulnerabilities disclosed to the public. Besides the identification itself, vendors can also be reluctant to acknowledge vulnerabilities as their reputation might be damaged as a consequence.

What is CVD?

Coordinated vulnerability disclosure (CVD) is a process by which vulnerabilities finders work together and share information with the relevant stakeholders such as vendors and ICT infrastructure owners.

CVD ensures that software vulnerabilities get disclosed to the public once the vendor has been able to develop a fix, a patch, or has found a different solution.

What are national CVD policies?

National CVD policies are national frameworks of rules and agreements designed to ensure:

What is the situation in the EU?

The report published today maps the national CVD policies in place across the EU, compares the different approaches and, highlights good practices.

The analysis allows a wide disparity to be observed among Member States in relation to their level of CVD policy achievement. At the time the data used in the report was collected, only four Member States had already implemented such a CVD policy, while another four of them were about to do so. The remaining Member States are split into two groups: those currently discussing how to move forward and those who have not yet reached that stage.

What are ENISAs recommendations to promote CVD?

The main recommendations from the analysis of nineteen EU Member States include:

Apart from the above, additional recommendations are issued in relation to the economic and polical challenges and also address operational and crisis management activities.

Next steps

The Commissions proposal for the revision of the Network and Information Security Directive or NIS2 proposal, provides for EU countries to implement a national CVD policy. ENISA will be supporting the EU Member States with the implementation of this provision and will be developing a guideline to help EU Member States establish their national CVD policies.

In addition, ENISA will need to develop and maintain an EU Vulnerability database (EUVDB). The work will complement the already existing international vulnerability databases. ENISA will start discussing the implementation of the database with the European Commission and the EU Member States after the adoption of the NIS2 proposal.

Background material

The report builds upon previous work performed by ENISA in the field of vulnerabilities. ENISA issued a report on good practices on vulnerability disclosure in 2016, and the economic impact of vulnerabilites was explored in detail in 2018. In addition, the limitations and opportunities of the vulnerability ecosystem were analysed in the ENISA 2018/2019 State of Vulnerabilities report.

Further information

Vulnerability Disclosure in the EU An overview of National Vulnerability Disclosure Policies in the EU ENISA report

State of Vulnerabilities 2018/2019 - Analysis of Events in the life of Vulnerabilities

Economics of Vulnerability Disclosure

Good Practice Guide on Vulnerability Disclosure. From challenges to recommendations

Contact

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Here is the original post:
Coordinated Vulnerability Disclosure policies in the EU - ENISA

The European Union just issued a dire warning to its 450 million citizens: Stockpile supplies and prepare for disaster - Fortune - March 26th, 2025 [March 26th, 2025]
The European Union is preparing for war and is calling for emergency reserves in every home - CiberCuba - March 26th, 2025 [March 26th, 2025]
The European Union rejected Russias demand for a ceasefire in exchange for lifting sanctions - - March 26th, 2025 [March 26th, 2025]
Exclusive | European Union to slap Meta with fine up to $1B or more for breaching strict antitrust rules: sources - New York Post - March 26th, 2025 [March 26th, 2025]
Peter Rough sat down with Kaja Kallas, European Union high representative for foreign affairs and security policy and European Commission vice... - March 26th, 2025 [March 26th, 2025]
Court of Justice of the European Union: Member states representatives appoint thirteen judges to the General Court - consilium.europa.eu - March 26th, 2025 [March 26th, 2025]
When the European Union wants to get back to basics - Marketscreener.com - March 26th, 2025 [March 26th, 2025]
The European Union urges citizens to stockpile supplies to last 3 days in case of crisis - Goshen News - March 26th, 2025 [March 26th, 2025]
The European Union urges citizens to stockpile supplies to last 3 days in case of crisis - Oil City Derrick - March 26th, 2025 [March 26th, 2025]
European Union's Transmission Shafts and Cranks Market Expected to Slightly Increase with a CAGR of +0.3% over the Next Decade - IndexBox, Inc. - March 26th, 2025 [March 26th, 2025]
New European Union Plan To Boost Local Arms Production Would Freeze U.S. Out Of Billions - The War Zone - March 26th, 2025 [March 26th, 2025]
European Union's Roasted Coffee Market to See Continued Growth with +0.6% CAGR by 2035 - IndexBox, Inc. - March 26th, 2025 [March 26th, 2025]
EU Penalizes RPM And Other Vertical Conduct Violations - Cartels, Monopolies - European Union - Mondaq News Alerts - March 26th, 2025 [March 26th, 2025]
European Union's Toilet Paper Market to Reach $27.1B by 2035 with +0.5% CAGR - IndexBox, Inc. - March 26th, 2025 [March 26th, 2025]
European Union Delays Retaliatory Tariffs On U.S. ProductsIncluding Whiskey - Forbes - March 20th, 2025 [March 20th, 2025]
ICC President visits Brussels, urges European Union to take immediate action to protect the Court - the International Criminal Court - March 20th, 2025 [March 20th, 2025]
The European Sting is Your democratic, independent and top quality political newspaper specialized in European Union News. Unique Features: iSting... - March 20th, 2025 [March 20th, 2025]
The Prime Minister of Slovakia supported Ukraine's integration into the European Union - Eurasia Daily - March 20th, 2025 [March 20th, 2025]
Trump reacts to European Union slapping tariffs on U.S. goods - CBS News - March 13th, 2025 [March 13th, 2025]
Rxulti approved in the European Union for adolescent schizophrenia - PharmaTimes - March 13th, 2025 [March 13th, 2025]
European Union Responds With Tariffs on Soybeans, Other Ag Exports - DTN The Progressive Farmer - March 13th, 2025 [March 13th, 2025]
European Union retaliates with tariffs on $28 billion U.S. products - RFD-TV - March 13th, 2025 [March 13th, 2025]
Donald Trump threatens European Union with 200% tariffs on specific goods if they dont remove nasty tax - UNILAD - March 13th, 2025 [March 13th, 2025]
Canada and the European Union announce retaliatory tariffs against the United States - KREM.com - March 13th, 2025 [March 13th, 2025]
Commission decides to refer SPAIN to the Court of Justice of the European Union due to discriminatory tax treatment of non-resident taxpayers - The... - March 13th, 2025 [March 13th, 2025]
European Union hits back with counter tariffs on US goods - USA TODAY - March 13th, 2025 [March 13th, 2025]
Trade Wars: European Union Retaliates Against U.S. Tariffs on Steel and Aluminum - TipRanks - March 13th, 2025 [March 13th, 2025]
Commission hosts event to gather input and expertise on upcoming European Water Resilience Strategy - European Union - March 7th, 2025 [March 7th, 2025]
UNESCO and the European Union Promote Training in Creative Tourism in the Caribbean - UNESCO - March 7th, 2025 [March 7th, 2025]
The Interests of the European Union and the United States Are Diverging - Modern Diplomacy - March 7th, 2025 [March 7th, 2025]
Tunisia: Call for the European Union to send international observers to the so-called "conspiracy" trial - FIDH - March 7th, 2025 [March 7th, 2025]
European Union Blasts Trump Tariff Threats as Starmer Visits White House - Newsweek - February 27th, 2025 [February 27th, 2025]
Trump vows to slap 25% tariffs on the European Union - FRANCE 24 English - February 27th, 2025 [February 27th, 2025]
Trump vows to impose 25% tariffs on imports from the European Union - The Associated Press - February 27th, 2025 [February 27th, 2025]
Trump says tariff level will be 25% on European Union products - Le Monde - February 27th, 2025 [February 27th, 2025]
EU reaffirms unwavering support to Ukraine on anniversary of invasion - European Union - February 27th, 2025 [February 27th, 2025]
The European Union is financing a project to strengthen social protection for women in ten local communities in Bosnia and Herzegovina - EEAS - February 27th, 2025 [February 27th, 2025]
Trump's reciprocal tariffs would hit these European Union products that Americans buy the hardest - CNBC - February 14th, 2025 [February 14th, 2025]
European Union Says It Will Respond "Firmly, Immediately" To Trump's Tariffs - NDTV - February 14th, 2025 [February 14th, 2025]
How the European Union could counter US tariffs - ING Think - February 14th, 2025 [February 14th, 2025]
(Nemolizumab) Approved in the European Union for Moderate-to-Severe Atopic Dermatitis and Prurigo Nodularis - Business Wire - February 14th, 2025 [February 14th, 2025]
European Union could ban the number 1 Catholic app in the world: Hallow - ZENIT - English - February 14th, 2025 [February 14th, 2025]
Political contagion in Europe: can the European Union survive Trumpism? - Bruegel - January 19th, 2025 [January 19th, 2025]
Bolstering the cybersecurity of the healthcare sector - European Union - January 19th, 2025 [January 19th, 2025]
Medidatas Patient Experience Recognized as Sustainability Solution by the European Union, Paving the Way for Greener Clinical Trials - Dassault... - January 19th, 2025 [January 19th, 2025]
European Union Special Representative for the Great Lakes Region, Johan Borgstam, makes first official visit to Tanzania - EEAS - January 19th, 2025 [January 19th, 2025]
Indicating the way forward for sustainable European aviation - European Union - January 19th, 2025 [January 19th, 2025]
UNHCR and the European Union join forces to provide lasting solutions for Afghan refugees and returnees - EEAS - January 19th, 2025 [January 19th, 2025]
Irregular migration into the European Union fell sharply last year, border agency says - The Associated Press - January 19th, 2025 [January 19th, 2025]
Poland Assumes the Presidency of the Council of the European Union - Kyiv Post - January 6th, 2025 [January 6th, 2025]
Far From Ignorant: The European Union, Arms Exports and Israel - CounterPunch - January 3rd, 2025 [January 3rd, 2025]
Major changes in the European Union - summary of 2024: everything you need to know in 2025 - Visit Ukraine - January 3rd, 2025 [January 3rd, 2025]
Hungary's controversial presidency of the Council of the European Union comes to an end - Euronews - January 1st, 2025 [January 1st, 2025]
30 years together: Austria, Finland and Sweden in the EU - European Union - January 1st, 2025 [January 1st, 2025]
AI and Employee Data Protection in the European Union: 8 Key Takeaways for Multinational Businesses - JD Supra - January 1st, 2025 [January 1st, 2025]
Pro-European Union Protests in Georgia Continue into New Years Eve - AL24 News - January 1st, 2025 [January 1st, 2025]
2025, between the reformist drive and the structural challenges of the European Union - The Diplomat in Spain - January 1st, 2025 [January 1st, 2025]
Statement on behalf of the European Union and its Member States by H.E. Ambassador Stavros Lambrinidis, Delegation of the European Union to the United... - December 30th, 2024 [December 30th, 2024]
European Union to resume Association Council meetings with Israel - The Times of Israel - December 18th, 2024 [December 18th, 2024]
Its time for the European Union to rethink personal social networking - Bruegel - December 18th, 2024 [December 18th, 2024]
Mistral 3 project to receive 60 million from European Union - MBDA - December 18th, 2024 [December 18th, 2024]
The European Union and Palestinian Authority convene Investment Platform and announce EUR 28.3 million of investments for the Palestine Financial... - December 18th, 2024 [December 18th, 2024]
The EVERY Company Further Expands its IP Estate with European Union Patent for Recombinant Ovalbumin - Business Wire - December 18th, 2024 [December 18th, 2024]
European Union sanctions 26 individuals and two entities in Belarus - euneighbourseast.eu - December 18th, 2024 [December 18th, 2024]
European Union: What do CG&R companies need to know about the European Accessibility Act? - GlobalComplianceNews - December 18th, 2024 [December 18th, 2024]
New EU norms to reduce environmental impact of smitheries and foundries - European Union - December 14th, 2024 [December 14th, 2024]
Syria: Statement by the High Representative on behalf of the European Union on the fall of the Assad regime - consilium.europa.eu - December 10th, 2024 [December 10th, 2024]
European Union and the Gates Foundation to co-host Gavi 6.0 High Level Pledging Summit - Bill & Melinda Gates Foundation - December 10th, 2024 [December 10th, 2024]
European Union orders TikTok to preserve data related to Romanian election - The Associated Press - December 10th, 2024 [December 10th, 2024]
European Union - United Republic of Tanzania: Joint Communique of the 2024 Partnership Dialogue - EEAS - December 10th, 2024 [December 10th, 2024]
Human Rights Day: Statement by the High Representative on behalf of the European Union - consilium.europa.eu - December 10th, 2024 [December 10th, 2024]
We are waiting to return home - helping refugees in Sudan - European Union - December 10th, 2024 [December 10th, 2024]
Revised Regulation on Classification, Labelling and Packaging of Chemicals enters into force - European Union - December 10th, 2024 [December 10th, 2024]
CCS legal framework for the development of carbon capture and storage technologies in Poland and the European Union - Dentons - December 10th, 2024 [December 10th, 2024]
Mercosur and the European Union sign trade agreement - Fresh Fruit Portal - December 10th, 2024 [December 10th, 2024]
European Union To Spend Over $4 Million And 3 Years To Create Report On European Animation Industry - Cartoon Brew - December 4th, 2024 [December 4th, 2024]
Speech by President von der Leyen at the European Parliament Plenary on the new College of Commissioners and its programme - European Union - December 4th, 2024 [December 4th, 2024]
ASSEMBLY | EU bishops reflect on Europes future and challenges of the new institutional cycle - The Catholic Church in the European Union - December 4th, 2024 [December 4th, 2024]
Georgia suspends talks on joining the European Union and accuses the bloc of blackmail - The Associated Press - November 30th, 2024 [November 30th, 2024]
An update on political advertising in the European Union - The Keyword - November 30th, 2024 [November 30th, 2024]

April 14th, 2022

No comments yet

Comments are closed.

Mediaboss Marketing

Coordinated Vulnerability Disclosure policies in the EU – ENISA

About

Pages

Categories

Media Sites

Recommended Sites

Archives