Interview on YouTube


At the National Cyber Security Center One Conference last week, Chris van ‘t Hof interviewed me in his TekTok studio. We briefly talked about the Ethical Committee at the University of Amsterdam’s System and Network Engineering master, about Responsible Disclosure and why this is a bad term.

In the interview I mention the ISO standard on Vulnerability Disclosure. Katie Moussouris presented an excellent introduction at the 2013 RSA Conference.

Later at the NCSC conference there was also a session on Responsible Disclosure, and someone also made the case for the name “Coordinated Disclosure”. This is a more neutral term: it covers the equal responsibility and does not have any judgement in it.

I will post more on our Ethical Committee, but if you want more information now, head over to the OS3.nl website.
