Multifaceted security cooperation
Multifaceted security cooperation
Friday 18 March 2016 Join the Manifesto?!
Cooperation is key to keeping your digital and connected systems and services secure. Cooperation within your supply chain, with your security service provider, public-private cooperation, etc. In the Netherlands this comes (almost) naturally, although there is certainly room for improvement.
Cooperation between you and the so-called ethical hacker community may also be beneficial to you. It is in your interest to know about vulnerabilities in your IT systems as soon as possible, so you can act to resolve the vulnerability, preferably before it is exploited. But some guidelines are necessary for this kind of cooperation to ensure that you have the opportunity to take care of the vulnerability in a controlled way and the reporter has less chance to be prosecuted for helping you improve your security. These guidelines are referred to as Coordinated Vulnerability Disclosure, or Responsible Disclosure.
CIO Platform Nederland has embraced this initiative and has translated the prior documentation of SURFnet that was made for the higher education and research community, to a format that is more suited to businesses and governmental organisations. We’ve had these translated into English and made them available to use by any interested party. Please find the policy and procedure document here and the implementation guide here. The Dutch government has put Coordinated Vulnerability Disclosure on the agenda of the Presidency of the European Union. CIO Platform Nederland and Rabobank have joined initiatives to promote the adoption of Coordinated Vulnerability Disclosure among businesses in Europe. To do this a Manifesto was developed which we encourage representatives of European businesses to come and sign during the EU high-level event on May 12th and 13th in Amsterdam. You can find the introduction to the Manifesto here and the text of the Manifesto here.
If you are interested in joining the Manifesto please send your contact details to vulnerability.disclosure@ncsc.nl.
If you have any questions about the topic of Coordinated Vulnerability Disclosure or the documents, please contact Ronald Verbeek.
More news
Quite some attention for VMware letter
Friday 05 April 2024 The four CIO associations' joint letter to the European Commission regarding the impact of Broadcom's acquisition of VMware on our members, has generated a lot of interest. full storyICT experts, entrepreneurs and scientists shared their insights with State Secretary Alexandra van Huffelen.
Thursday 28 March 2024 27th of March, ICT experts, entrepreneurs and scientists shared their insights with State Secretary Alexandra van Huffelen and us on how to be less dependent on non-European countries for cloud services and to become stronger in this technology ourselves. full storyBusiness IT users condemn Broadcom's market behaviour and call on European Commission for appropriate action
Thursday 28 March 2024 Today, CIO Platform Netherlands and its three European sister associations sent a joint letter to the European Commission following possible market-distorting behaviour by Broadcom since its acquisition of VMware. full storyArjen Boersma and Edward Cox join the board
Thursday 28 March 2024 We would like to welcome Arjen Boersma, CIO ProRail and Edward Cox, CIO Louwman Group, to the board of CIO Platform Nederland. full story