Citation and metadata
Recommended citation
Sandra Schmitz, Stefan Schiffner, Responsible Vulnerability Disclosure under the NIS 2.0 Proposal, 12 (2022) JIPITEC 448 para 1.
Bibtex
@Article{schmitz2022,
  author = "Schmitz, Sandra and Schiffner, Stefan",
  title = "Responsible Vulnerability Disclosure under the NIS 2.0 Proposal",
  journal = "JIPITEC",
  year = "2022",
  volume = "12",
  number = "5",
  pages = "448--457",
  keywords = "Cybersecurity; Disclosure; GDPR; NIS Directive; Vulnerability",
  abstract = "Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and maps these to hypothetical scenarios where informing end users about cyber incidents might lead to uncontrolled vulnerability disclosure. In that view, this paper analyses whether the latest proposal for a NIS Directive 2.0 strikes the right balance between the need for swift reporting and the need to investigate a vulnerability when introducing a `coordinated vulnerability disclosure'.",
  issn = "2190-3387",
  url = "http://nbn-resolving.de/urn:nbn:de:0009-29-54958"
}
Full Metadata
Bibliographic Citation | Journal of intellectual property, information technology and electronic commerce law 12 (2022) 5 |
---|---|
Title | Responsible Vulnerability Disclosure under the NIS 2.0 Proposal (eng) |
Author | Sandra Schmitz, Stefan Schiffner |
Language | eng |
Abstract | Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and maps these to hypothetical scenarios where informing end users about cyber incidents might lead to uncontrolled vulnerability disclosure. In that view, this paper analyses whether the latest proposal for a NIS Directive 2.0 strikes the right balance between the need for swift reporting and the need to investigate a vulnerability when introducing a ‘coordinated vulnerability disclosure’. |
Subject | Cybersecurity, Disclosure, GDPR, NIS Directive, Vulnerability |
DDC | 340 |
Rights | DPPL |
URN | urn:nbn:de:0009-29-54958 |