Vulnerability Disclosure, Governments and You

Explore the complexities of vulnerability disclosure in cybersecurity through this 38-minute conference talk by Jeroen van der Ham at Hack.lu 2017. Delve into the evolution of vulnerability disclosure practices from the 90s to the present, examining the rise of bug bounty programs and government involvement. Gain insights into how vulnerability disclosure has influenced EU policy-making, including debates on GDPR and the NIS directive. Understand the impact of high-level policy discussions on export control and dual-use goods in the international Wassenaar Arrangement. Learn about the intersection of policy-making with security and incident response, and consider ways to advance this field. Benefit from van der Ham's expertise as a security researcher at NCSC-NL, focusing on privacy, security, and ethics in security research.

Introduction
Vulnerability disclosure
National and international efforts
How does it work
Bug bounties
Hackers are not scary
The law can still be involved
The hospital
The disclosure
KP
Wrapping up
The once entire arrangement
The crypto Wars
Intrusion Software