Responsible disclosure of IT vulnerabilities has led to discussions and even lawsuits. Some ethical hackers have been taken to court despite their good intentions and careful behaviour. At the same time, several guidelines for responsible disclosure policies exist. There seems to be little discussion about the necessity of such a concept, yet many organisations still have not implemented a policy. What are the obstacles, and can they be removed or diminished?

 

Law and regulation, standards and best practices, and rewards and incentives all influence the success or failure of vulnerability reports. There is discussion about which type of disclosure is appropriate and likely to succeed, so that the vulnerability is fixed without repercussions for the reporter. Understanding the motives of ethical hackers and the business needs of organisations is key to better practice. Regulation can assist, e.g. in getting more organisations to adopt a policy.

 

Keywords: responsible disclosure, cyber governance, ethical hacking, bug bounty programs

 


 

 

  • A methodology for quantifying the level of cybersecurity...
    Master CS/Robert de Vries
  • A security architecture for software defined wide area n...
    Master CS/Mark Dirksen
  • Are the Dutch government controls for the protection of...
    Master CS/Erik van Garderen
  • Can a Robot Do My Job? A Study on the Potential of Artif...
    Master CS/Esther van Luit
  • Exploring the Dutch Digital Infrastructure. Data Issues,...
    Master CS/Alex Claver
  • Improving cyber safety awareness education at Dutch elem...
    Master CS/Arjan Spiering
  • Policy instruments and the adoption of DNSSEC; A case st...
    Master CS/Rene Bakker
  • Processing Electromagnetic Parameters from a Secret Data...
    Master CS/Susan Varenbrink
  • Reports, Rewards, and Recriminations. A critical look at...
    Master CS/Kees Wassenaar
  • Risk assessment for I2P with an enhanced outproxy design
    Master CS/Dolf Smits
  • The Internet of Things: a privacy label for IoT products...
    Master CS/Rob van Diermen
  • The Unified Kill Chain
    Master CS/Paul Pols
