Public Resources

The following are public resources that we recommend to members for Vulnerable Things policy management and security.

The IoT Security Foundation’s Consumer IoT: Understanding the Contemporary Use of Vulnerability Disclosure - 2020 Progress Report

The report seeks to establish how widely vulnerability disclosure is practiced in the consumer IoT product domain. It presents a number of key findings on the adoption of vulnerability disclosure best practice worldwide for IoT devices, and illustrates how the adoption rate has changed over time.

https://www.iotsecurityfoundation.org/wp-content/uploads/2020/03/IoTSF-2020-Progress-Report-Consumer-IoT-and-Vulnerability-Disclosure.pdf

NCSC, Coordinated Vulnerability Disclosure: the Guideline

The ‘Coordinated Vulnerability Disclosure: the Guideline’ is a revision of the Dutch National Cybersecurity Centre’s 2013 ‘Guideline to come to a practice of responsible disclosure’. The revised guideline is designed to help organisations create their own Coordinated Vulnerability Disclosure policy, informed by current best practice.

ncsc_coordinated_vulnerability_disclosure_the_guideline.pdf

CEPS Software Vulnerability in Europe

‘Software Vulnerability Disclosure in Europe: Technology, Policies and Legal Challenges’ analyses current best practice in vulnerability disclosure throughout Europe, the US and Japan, and uses it to develop a series of policy recommendations on the development of an effective policy framework for introducing coordinated vulnerability disclosure (CVD) and government disclosure decision processes (GDDP).

ceps_software_vulnerability_in_europe.pdf

The Beginners Guide to Bug Bounty Programs

The ‘Beginners’ Guide to Bug Bounty Programs’ provides an entry-level introduction to how hackers can help industry and government provide continuous security that is capable of keeping pace with the speed of innovation. It provides an introduction to bug bounty programs, makes a case for why companies and governments should work with hackers, and steps the reader through different types of bug bounty programs and the value that they can add to ensuring the security of data, systems, and intellectual property.

the-beginners-guide-to-bug-bounty-programs.pdf
