22/11/2022 - 14 hrs (CET)
Sign up for the workshop here!
Exploiting software and hardware vulnerabilities has long since become its own industry. On the one hand, companies and crowdsourced co-ordination platforms reward security researchers for discovering and disclosing software bugs in a responsible manner. On the other, grey and black markets offer exploits to the highest bidder, often resulting in criminals buying them for their operations. State actors walk on a tightrope, at times using such questionable markets or withholding vulnerabilities under certain circumstances – mostly, if not entirely, outside of public scrutiny.
This playing field is likely to change with China’s 2021 “Regulations on the Management of Network Product Security Vulnerability”. Depending on how the regulation is enforced, it could stifle transnational security research or cause a further politicisation of vulnerabilities. Or even worse, it could spark a new race of vulnerabilities being funnelled into the arms of state actors, particularly if others emulate the Chinese model. State actors therefore need to clarify their position regarding vulnerability disclosures, particularly vis-á-vis China’s advance in that matter. The current regulatory patchwork in many countries should be replaced by fair, trustworthy, and democratically accountable vulnerability management processes.
To exchange innovative ideas that could guide state behaviour, IFSH’s International Cybersecurity team, in collaboration with the German Federal Foreign Office, is organising an interdisciplinary workshop entitled “Government Vulnerability Disclosures: Turning the Tide”.
We cordially invite you to join us on 22nd November at 14.00 hrs (CET) and invite you to participate during the Q&A.
Mischa Hansel, IFSH ICS
Mehmet Ince, Cybersecurity Researcher
Anastasiya Kazakova, Kaspersky / Vladimir Radunovic, DiploFoundation
Nick Kelly, Cybersecurity Advisors Network (CyAN)
Stewart Scott, Atlantic Council