Keeping our cyber domain safe is a constant and evolving challenge. These days, threats and vulnerabilities are difficult to detect and address.
That’s why organizations often employ “friendly hackers”, a.k.a. white hat hackers. They help pinpoint threats to and weaknesses in networks or computer systems, to prevent attacks from malicious, a.k.a. black hat, hackers.
Ethical hacking is sometimes done on behalf of the owners of the systems or networks involved, but is also done by “uninvited” hackers. In the latter case, hacking is not automatically considered black or white but is seen in various shades of grey.
During this parallel session we discuss these various means of hacking with all parties, both hackers and organizations, and how we can define good policy rules. How can we make the best use of crowdsourcing security by tapping the knowledge of the masses and their willingness to share information and discoveries for non-malicious purposes?
In addition, this session looks into the concept of “coordinated disclosure”, exploring the preconditions under which this type of policy can become beneficial for both the “tested” organizations and the hackers involved.
Moderator: Mrs. Jaya Baloo, CISO KPN (Netherlands)
- Mrs. Katie Moussouris, Chief Policy Officer at HackerOne
- Mr. Albert Kinney, Director Cybersecurity Capabilities, U.S. Public Sector HP
- Mr. Lodewijk van Zwieten, National Prosecutor for High Tech Crime at Dutch Public Prosecution Service
- Mr. Inbar Raz, Hacker of Things
- Mr. Jeff Moss, founder of the Black Hat and DEF CON computer hacker conferences
- Mr. Robin Schuil, Innovation officer, eBay
- Mr. Rob Bening, CISO ING bank Global
- Ms. Anett Mádi-Nátor, Senior Cyber Defence Expert Ministry of Defence, Hungary
Introducing Responsible Disclosure
This best practice guide provides guidelines for establishing a responsible disclosure policy. Responsible disclosure, or coordinated disclosure as it is known in the international context, is the practice of disclosing vulnerabilities found in an ICT system in a coordinated fashion to the organisation responsible for this ICT system. The guide shares experiences on establishing a national policy of responsible disclosure in the Netherlands. It also covers private sector adoption of such policies.