The Center for Cybersecurity Policy and Law is a nonprofit (501(c)(6) organization that develops, advances, and promotes best practices and educational opportunities among cybersecurity professionals. The Center provides a forum for thought leadership for the benefit of those in the industry including members of civil society and government entities in the area of cybersecurity and related technology policy. The Center seeks to leverage the experience of leaders in the field to ensure a robust marketplace for cybersecurity technologies that will encourage professionals, companies, and groups of all sizes to take steps to improve their cybersecurity practices.
HARDWARE-CENTRIC COORDINATED VULNERABILITY DISCLOSURE PRACTICES INITIATIVE & report
To address concerns about security gaps across a growing number of connected devices, the Center for Cybersecurity Policy and Law’s Initiative brings together key technology stakeholders to identify needs and circumstances of the hardware ecosystem, possible gaps in disclosure policy and practice, and options for future improvements. The Initiative has released a new report to help hardware vendors minimize risks for end users.
The Initiative’s Report “Improving Hardware Component Vulnerability Disclosure,” details the security challenges specific to the hardware environment as well as recommendations for using the coordinated vulnerability disclosure (CVD) process to address known risks.