Citation and metadata

Recommended citation

Sandra Schmitz, Stefan Schiffner, Responsible Vulnerability Disclosure under the NIS 2.0 Proposal, 12 (2022) JIPITEC 448 para 1.

Download Citation

Endnote

%0 Journal Article
%T Responsible Vulnerability Disclosure under the NIS 2.0 Proposal
%A Schmitz, Sandra
%A Schiffner, Stefan
%J JIPITEC
%D 2022
%V 12
%N 5
%@ 2190-3387
%F schmitz2022
%X Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and maps these to hypothetical scenarios where informing end users about cyber incidents might lead to uncontrolled vulnerability disclosure. In that view, this paper analyses whether the latest proposal for a NIS Directive 2.0 strikes the right balance between the need for swift reporting and the need to investigate a vulnerability when introducing a ‘coordinated vulnerability disclosure’.
%L 340
%K Cybersecurity
%K Disclosure
%K GDPR
%K NIS Directive
%K Vulnerability
%U http://nbn-resolving.de/urn:nbn:de:0009-29-54958
%P 448-457

Bibtex

@Article{schmitz2022,
  author = 	"Schmitz, Sandra
		and Schiffner, Stefan",
  title = 	"Responsible Vulnerability Disclosure under the NIS 2.0 Proposal",
  journal = 	"JIPITEC",
  year = 	"2022",
  volume = 	"12",
  number = 	"5",
  pages = 	"448--457",
  keywords = 	"Cybersecurity; Disclosure; GDPR; NIS Directive; Vulnerability",
  abstract = 	"Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and maps these to hypothetical scenarios where informing end users about cyber incidents might lead to uncontrolled vulnerability disclosure. In that view, this paper analyses whether the latest proposal for a NIS Directive 2.0 strikes the right balance between the need for swift reporting and the need to investigate a vulnerability when introducing a `coordinated vulnerability disclosure'.",
  issn = 	"2190-3387",
  url = 	"http://nbn-resolving.de/urn:nbn:de:0009-29-54958"
}

RIS

TY  - JOUR
AU  - Schmitz, Sandra
AU  - Schiffner, Stefan
PY  - 2022
DA  - 2022//
TI  - Responsible Vulnerability Disclosure under the NIS 2.0 Proposal
JO  - JIPITEC
SP  - 448
EP  - 457
VL  - 12
IS  - 5
KW  - Cybersecurity
KW  - Disclosure
KW  - GDPR
KW  - NIS Directive
KW  - Vulnerability
AB  - Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and maps these to hypothetical scenarios where informing end users about cyber incidents might lead to uncontrolled vulnerability disclosure. In that view, this paper analyses whether the latest proposal for a NIS Directive 2.0 strikes the right balance between the need for swift reporting and the need to investigate a vulnerability when introducing a ‘coordinated vulnerability disclosure’.
SN  - 2190-3387
UR  - http://nbn-resolving.de/urn:nbn:de:0009-29-54958
ID  - schmitz2022
ER  - 

Wordbib

<?xml version="1.0" encoding="UTF-8"?>
<b:Sources SelectedStyle="" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography"  xmlns="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" >
<b:Source>
<b:Tag>schmitz2022</b:Tag>
<b:SourceType>ArticleInAPeriodical</b:SourceType>
<b:Year>2022</b:Year>
<b:PeriodicalTitle>JIPITEC</b:PeriodicalTitle>
<b:Volume>12</b:Volume>
<b:Issue>5</b:Issue>
<b:Url>http://nbn-resolving.de/urn:nbn:de:0009-29-54958</b:Url>
<b:Pages>448-457</b:Pages>
<b:Author>
<b:Author><b:NameList>
<b:Person><b:Last>Schmitz</b:Last><b:First>Sandra</b:First></b:Person>
<b:Person><b:Last>Schiffner</b:Last><b:First>Stefan</b:First></b:Person>
</b:NameList></b:Author>
</b:Author>
<b:Title>Responsible Vulnerability Disclosure under the NIS 2.0 Proposal</b:Title>
<b:Comments>Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and maps these to hypothetical scenarios where informing end users about cyber incidents might lead to uncontrolled vulnerability disclosure. In that view, this paper analyses whether the latest proposal for a NIS Directive 2.0 strikes the right balance between the need for swift reporting and the need to investigate a vulnerability when introducing a ‘coordinated vulnerability disclosure’.</b:Comments>
</b:Source>
</b:Sources>

ISI

PT Journal
AU Schmitz, S
   Schiffner, S
TI Responsible Vulnerability Disclosure under the NIS 2.0 Proposal
SO JIPITEC
PY 2022
BP 448
EP 457
VL 12
IS 5
DE Cybersecurity; Disclosure; GDPR; NIS Directive; Vulnerability
AB Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and maps these to hypothetical scenarios where informing end users about cyber incidents might lead to uncontrolled vulnerability disclosure. In that view, this paper analyses whether the latest proposal for a NIS Directive 2.0 strikes the right balance between the need for swift reporting and the need to investigate a vulnerability when introducing a ‘coordinated vulnerability disclosure’.
ER

Mods

<mods>
  <titleInfo>
    <title>Responsible Vulnerability Disclosure under the NIS 2.0 Proposal</title>
  </titleInfo>
  <name type="personal">
    <namePart type="family">Schmitz</namePart>
    <namePart type="given">Sandra</namePart>
  </name>
  <name type="personal">
    <namePart type="family">Schiffner</namePart>
    <namePart type="given">Stefan</namePart>
  </name>
  <abstract>Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and maps these to hypothetical scenarios where informing end users about cyber incidents might lead to uncontrolled vulnerability disclosure. In that view, this paper analyses whether the latest proposal for a NIS Directive 2.0 strikes the right balance between the need for swift reporting and the need to investigate a vulnerability when introducing a ‘coordinated vulnerability disclosure’.</abstract>
  <subject>
    <topic>Cybersecurity</topic>
    <topic>Disclosure</topic>
    <topic>GDPR</topic>
    <topic>NIS Directive</topic>
    <topic>Vulnerability</topic>
  </subject>
  <classification authority="ddc">340</classification>
  <relatedItem type="host">
    <genre authority="marcgt">periodical</genre>
    <genre>academic journal</genre>
    <titleInfo>
      <title>JIPITEC</title>
    </titleInfo>
    <part>
      <detail type="volume">
        <number>12</number>
      </detail>
      <detail type="issue">
        <number>5</number>
      </detail>
      <date>2022</date>
      <extent unit="page">
        <start>448</start>
        <end>457</end>
      </extent>
    </part>
  </relatedItem>
  <identifier type="issn">2190-3387</identifier>
  <identifier type="urn">urn:nbn:de:0009-29-54958</identifier>
  <identifier type="uri">http://nbn-resolving.de/urn:nbn:de:0009-29-54958</identifier>
  <identifier type="citekey">schmitz2022</identifier>
</mods>

JIPITEC – Journal of Intellectual Property, Information Technology and E-Commerce Law