Guideline Coordinated Vulnerability Disclosure Assists Organisations With Their Own CVD-Policy
On 2 October, during the One Conference in The Hague, the NCSC published the 'Coordinated Vulnerability Disclose: the Guideline'. This is a expansion on the guideline 'responsible disclose' in 2013. The purpose of the Coordinated Vulnerability Disclose (CVD) is to contribute to the security of IT-systems by exchanging knowledge on vulnerabilities. Via this method, owners of IT-systems can tackle any vulnerabilities before these are actively taken advantage of, for malign purposes, by third parties. The revised guideline places focus on the human factor with a succesful CVD-policy and proper internal communication.
As of 2013 the NCSC has received and processed several hundreds of reports. Many Dutch organisations maintain an active CVD-policy. This illustrates the added value of the CVD-process in increasing the digital resilience in the Netherlands.
As part of the revised guidelines' launch, the photo exhibition HackersHandshake by Tobias Groenland and Chris van 't Hof, was opened at the World Forum by Patricia Zorko, Director Cyber Security and interim National Coordinator Counterterrorism and Security (NCTV). The exhibition will be moved to the Cyber Security Week Congress & Expo at the Fokker Terminal for 4 and 5 October.
The original article can be read (in Dutch) on the website of the National Cyber Security Centre (NCSC) here.