From Responsible Disclosure Policy (RDP) towards State Regulated Responsible Vulnerability Disclosure Procedure (hereinafter – RVDP): The Latvian approach

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

Cybersecurity is an integral part of security. It plays a tremendous role in modern society. It encompasses technical, organizational and legislative measures created for the purpose of protecting against and minimizing the impact of cyber incidents. Any software may contain bugs or security holes. Hackers frequently discover such flaws and, without the vendor's consent, disclose step-by-step instructions about the vulnerability to the public, disregarding the possible IT security risk. Many vendors have already introduced responsible disclosure policies or “bug bounty” programs. In 2013 the Netherlands launched the first state responsible disclosure Guidelines. The Guidelines contain the principles, definitions and organizational measures necessary for a responsible disclosure policy as a state policy. Latvia decided to draft a Regulation on the responsible disclosure procedure. In March 2016, the Ministry of Defence created a working group. The goals of the drafters were: 1) to prepare an amendment to the Law on the Security of Information Systems to create a legislative framework for the responsible vulnerability disclosure process; 2) to draft an amendment to Section 241 (3) of the Criminal Law to create a guaranty against prosecution (waiver) for persons who act in accordance with the responsible disclosure process. The paper provides an insight into this process and the difficulties faced by the drafters, and presents provisional results of the legislative draft and lessons to be learnt.

Original language: English
Pages (from-to): 508-522
Number of pages: 15
Journal: Computer Law and Security Review
Volume: 34
Issue number: 3
Publication status: Published - Jun 2018

Keywords

  • Algorithm
  • Cybersecurity
  • Latvia
  • Policy
  • Regulation
  • Software
  • Vulnerability responsible disclosure procedure
  • Waiver

Field of Science

  • 5.5 Law

Publication Type

  • 1.1. Scientific article indexed in Web of Science and/or Scopus database
