How can I effectively address cybersecurity vulnerabilities within my organization? Also, what are the implications of the Cyberresilience Act for this? EDITH, the European Digital Innovation Hub for Hesse, has extended an invitation to Dr. Steven Arzt, a cybersecurity expert from the Fraunhofer Institute for Secure Information Technology SIT, for a #DigiTalk session discussing best practices for Coordinated Vulnerability Disclosure.
Coordinated Vulnerability Disclosure (CVD) is the process with which ethical hackers report vulnerabilities in software and systems to manufacturers and system operators. Researchers commonly often assess the security status of a system or product independently, i.e., without a formal invitation, contract or integration into a company’s strategy. While these unasked-for vulnerability reports are still considered an insult by some companies, others openly embrace their value for strengthening the company’s IT security by interacting with the hacking and research communities. In his talk, Dr. Arzt shows how a proper CVD process can greatly benefit companies and the wider IT security community at the same time. It is shown how CVD can not only help identify and fix vulnerabilities, but also send a strong positive message about a company’s attitude towards IT security.