See Something, Say Something? - The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government

Explore the state of coordinated vulnerability disclosure (CVD) in Canada's federal government in this NorthSec conference talk. Delve into the importance of CVD frameworks for securing government computer systems and compare Canada's approach to other countries like the US, UK, and Netherlands. Examine the potential legal risks faced by security researchers in Canada, including criminal and copyright legislation, and the lack of adequate whistleblower protection. Learn about the need for increased transparency and explicit regulation in Canada's current approach to vulnerability disclosure at the federal level. Gain insights from speakers Yuan Stevens and Stephanie Tran, experts in cybersecurity policy and digital rights, as they discuss best practices and policy frameworks needed to harness the efforts of security researchers in identifying and disclosing security flaws in government systems before adversaries do.

Introduction
Dutch Hackers
Legal Consequences
Canada
Coordinated Vulnerability Disclosure
US Federal Approach
Hacking in Canada
Legal Risks
Canadas Approach
Recommendations