| [open-regulatory-compliance] ORC Meetings this week |
Coordinated Vulnerability Disclosure (CVD) is written into NIS2 and the Cyber Resilience Act as a cornerstone of Europe’s cybersecurity policy. In practice, though, the system is failing. When I reported a vulnerability in a major Belgian bank through the official channels, I was met with bureaucracy, legal threats, and a total lack of technical engagement; both from both the bank and Belgium’s national cybersecurity authority. What should have been a routine disclosure turned into a long standoff that perfectly illustrates how Europe’s CVD framework is broken.
Eclipse Foundation: The Community for Open Collaboration and Innovation
Handelsregister: Darmstadt HRB 92821
Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge
BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Google Apps Script//Weekly Event Report//EN CALSCALE:GREGORIAN METHOD:PUBLISH BEGIN:VEVENT UID:4j5ahsgv2tmkogfg5kpg1fq3tj_R20251124T160000@xxxxxxxxxx DTSTAMP:20251123T114316Z DTSTART:20251124T160000Z DTEND:20251124T170000Z SUMMARY:CRA Mondays | When Disclosure Fails: Europe’s Struggle with CVD DESCRIPTION:<p dir="auto">Coordinated Vulnerability Disclosure (CVD) is written into NIS2 and the Cyber Resilience Act as a cornerstone of Europe’s cybersecurity policy. In practice\, though\, the system is failing. When I reported a vulnerability in a major Belgian bank through the official channels\, I was met with bureaucracy\, legal threats\, and a total lack of technical engagement\; both from both the bank and Belgium’s national cybersecurity authority. What should have been a routine disclosure turned into a long standoff that perfectly illustrates how Europe’s CVD framework is broken.</p><br>In this talk\, I’ll show how these problems aren’t just Belgian\, but systemic. Across the EU\, policymakers treat CVD as a means to impose requirements on reporters instead of a commitment by organisations to receive and fix vulnerabilities. They confuse disclosure with bug bounties\, enforce pointless formalities\, and discourage the very people trying to help. I’ll explain what went wrong\, why it matters for NIS2 and the CRA\, and how we can fix CVD before it collapses under its own red tape.<br><br>More info: <a href="https://github.com/orcwg/orcwg/tree/main/events/cra-mondays"; target="_blank">https://github.com/orcwg/orcwg/tree/main/events/cra-mondays</a> LOCATION:https://eclipse.zoom.us/j/82349283943 STATUS:CONFIRMED SEQUENCE:0 END:VEVENT END:VCALENDAR
BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Google Apps Script//Weekly Event Report//EN CALSCALE:GREGORIAN METHOD:PUBLISH BEGIN:VEVENT UID:bnrsdfm85gspl2ll4cpcrdlrrb@xxxxxxxxxx DTSTAMP:20251123T114316Z DTSTART:20251125T143000Z DTEND:20251125T153000Z SUMMARY:FAQ Task Force DESCRIPTION:The FAQ Task Force is responsible for developing and maintaining the CRA FAQs. It meets regularly to organize its work-mode\, address open issues\, and onboard new contributors.<br><br>Agenda &\; Minutes: <a href="https://github.com/orcwg/orcwg/tree/main/cyber-resilience-sig/minutes/faq-task-force"; target="_blank"><u>https://github.com/orcwg/orcwg/tree/main/cyber-resilience-sig/minutes/faq-task-force</u></a><br><br>Meeting info: <a href="https://github.com/orcwg/orcwg/blob/main/MEETINGS.md#faq-task-force-call"; target="_blank"><u>https://github.com/orcwg/orcwg/blob/main/MEETINGS.md#faq-task-force-call</u></a><br><br>Jitsi meeting: <a href="https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98"; target="_blank"><u><u>https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98</u></u></a> LOCATION:https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98 STATUS:CONFIRMED SEQUENCE:0 END:VEVENT END:VCALENDAR
BEGIN:VCALENDAR CALSCALE:GREGORIAN VERSION:2.0 X-WR-CALNAME:Cyber Resilience SIG METHOD:PUBLISH PRODID:-//Apple Inc.//macOS 15.6.1//EN BEGIN:VTIMEZONE TZID:Europe/Paris BEGIN:DAYLIGHT TZOFFSETFROM:+0100 DTSTART:19810329T020000 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU TZNAME:GMT+2 TZOFFSETTO:+0200 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:+0200 DTSTART:19961027T030000 RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU TZNAME:GMT+1 TZOFFSETTO:+0100 END:STANDARD END:VTIMEZONE BEGIN:VEVENT TRANSP:OPAQUE DTEND;TZID=Europe/Paris:20251124T170000 UID:3jirh5tcmtggtga99gsct4vl8c@xxxxxxxxxx DTSTAMP:20251123T204848Z LOCATION:https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b7 49a44c6fb91d582505628215ee52d98 DESCRIPTION:Meeting info:<br><a href="https://www.google.com/url?q=https ://github.com/orcwg/orcwg/blob/main/MEETINGS.md%23cyber-resilience-sig-c all&\;sa=D&\;source=calendar&\;ust=1764362420333562&\;usg=AO vVaw1_1skr8-ssgVpv4MwElQuS" target="_blank">https://github.com/orcwg/orc wg/blob/main/MEETINGS.md#cyber-resilience-sig-call</a><br><br>Agenda:<br ><a href="https://www.google.com/url?q=https://github.com/orcwg/orcwg/la bels/cyber-resilience-sig&\;sa=D&\;source=calendar&\;ust=176436 2420333562&\;usg=AOvVaw26qtxF2W0_uadoOQp6eAB6" target="_blank">https: //github.com/orcwg/orcwg/labels/cyber-resilience-sig</a><br><br>Jitsi me eting:<br><a href="https://www.google.com/url?q=https://meet.jit.si/mode rated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98&a mp\;sa=D&\;source=calendar&\;ust=1764362420333562&\;usg=AOvVaw0 zUfZznsoi7w3amzhQu-Xq" target="_blank"><u>https://meet.jit.si/moderated/ afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98</u></a> STATUS:CONFIRMED SEQUENCE:0 SUMMARY:Cyber Resilience SIG DTSTART;TZID=Europe/Paris:20251124T160000 LAST-MODIFIED:20251123T204152Z CREATED:20251123T204152Z END:VEVENT END:VCALENDAR