Explore the state of coordinated vulnerability disclosure (CVD) in Canada's federal government in this NorthSec conference talk. Delve into the importance of CVD frameworks for securing government computer systems and compare Canada's approach to other countries like the US, UK, and Netherlands. Examine the potential legal risks faced by security researchers in Canada, including criminal and copyright legislation, and the lack of adequate whistleblower protection. Learn about the need for increased transparency and explicit regulation in Canada's current approach to vulnerability disclosure at the federal level. Gain insights from speakers Yuan Stevens and Stephanie Tran, experts in cybersecurity policy and digital rights, as they discuss best practices and policy frameworks needed to harness the efforts of security researchers in identifying and disclosing security flaws in government systems before adversaries do.
See Something, Say Something? - The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government
Overview
Syllabus
Introduction
Dutch Hackers
Legal Consequences
Canada
Coordinated Vulnerability Disclosure
US Federal Approach
Hacking in Canada
Legal Risks
Canadas Approach
Recommendations
Taught by
NorthSec
Related Courses
-
Coordinated Vulnerability Disclosure - You’ve Come a Long Way, Baby
-
From Coordinated Disclosure to Cooperative Vulnerability Research When Dealing with Critical Software Stacks
-
Don't Hate the Disclosure, Hate the Vulnerability - How the Government is Bringing Researchers and Vendors Together to Talk Vulnerability Disclosure
-
From Dystopia to Opportunity - Stories from the Future of Cybersecurity
-
Bug Bounty Programs - Successfully Controlling Complexity and Perpetual Temptation
