From Responsible Disclosure Policy (RDP) towards State Regulated Responsible Vulnerability Disclosure Procedure (hereinafter – RVDP): The Latvian approach

    Research output: Contribution to journal › Article › peer-review

    14 Citations (Scopus)

    Abstract

    Cybersecurity is an integral part of security. It plays a tremendous role in modern society. It encompasses technical, organizational and legislative measures created for the purpose of protecting against cyber incidents and minimizing their impact. Any software may contain bugs or security holes. Hackers frequently discover such flaws and, without the vendor's consent, disclose step-by-step instructions about the vulnerability to the public, disregarding the possible IT security risk. Many vendors have already introduced responsible disclosure policies or “bug bounty” programs. In 2013 the Netherlands launched the first state responsible disclosure Guidelines. The Guidelines contain the principles, definitions and organizational measures necessary for a responsible disclosure policy as a state policy. Latvia decided to draft a Regulation on responsible disclosure procedure. In March 2016, the Ministry of Defence created a working group. The goals of the drafters were: 1) to prepare an amendment to the Law on the Security of Information Systems to create a legislative framework for the responsible vulnerability disclosure process; 2) to draft an amendment to Section 241 (3) of the Criminal Law to create a guarantee against prosecution (waiver) for persons who act in accordance with the responsible disclosure process. The paper provides an insight into this process and the difficulties faced by the drafters, and presents the provisional results of the legislative draft and the lessons to be learnt.

    Original language: English
    Pages (from-to): 508-522
    Number of pages: 15
    Journal: Computer Law and Security Review
    Volume: 34
    Issue number: 3
    Publication status: Published - Jun 2018

    Keywords*

    • Algorithm
    • Cybersecurity
    • Latvia
    • Policy
    • Regulation
    • Software
    • Vulnerability responsible disclosure procedure
    • Waiver

    Field of Science*

    • 5.5 Law

    Publication Type*

    • 1.1. Scientific article indexed in Web of Science and/or Scopus database
