The report seeks to establish how widely vulnerability disclosure is practiced in the consumer IoT product domain. It presents a number of key findings on the adoption of vulnerability disclosure best practice worldwide for IoT devices, and illustrates how the adoption rate has changed over time.
The ‘Coordinated Vulnerability Disclosure: the Guideline’ is a revision of the Dutch National Cybersecurity Centre’s 2013 ‘Guideline to come to a practice of responsible disclosure’. The revised guideline is designed to help organisations create their own Coordinated Vulnerability Disclosure policy, informed by current best practice.
‘Software Vulnerability Disclosure in Europe: Technology, Policies and Legal Challenges’ analyses current best practice in vulnerability disclosure throughout Europe, the US and Japan, and uses it to develop a series of policy recommendations on the development of effective policy frameworks for introducing coordinated vulnerability disclosure (CVD) and government disclosure decision processes (GDDP).
The ‘Beginners’ Guide to Bug Bounty Programs’ provides an entry-level introduction to how hackers can help industry and government provide continuous security that is capable of keeping pace with the speed of innovation. It provides an introduction to bug bounty programs, makes a case for why companies and governments should work with hackers, and steps the reader through different types of bug bounty programs and the value that they can add to ensuring the security of data, systems, and intellectual property.