Using examples from my extensive career in the security industry, we will explore ways in which notifications about security vulnerabilities have changed throughout the years. This will include details of a CVE in Lenovo products which our team located and publicised responsibly, and a discussion of how a data breach was found and reported to one of the world's largest communications companies. We'll explore best practice, hints and tips for a successful and responsible disclosure. We'll also discuss how law enforcement react in these situations and ways to ensure that you don't fall foul of legislation during the process.

Target audience: strategic / policy


time: 14:25
speakers: Simon Whittaker

Other sessions:

TsuNAME: exploiting misconfiguration and vulnerability to DDoS DNS

EU Cybersecurity cooperation: What more can we do anno 2021?

5 years of data breach notification obligation in the Netherlands

Transition to the Internet of Energy: Cybersecurity challenges of bits moving electrons

Analyzing the human factor: Data on security awareness and behavior