On one hand we have a very strict view bound by the formal legal constraints. These define legal and illegal activities but often miss the gray area that is always present. How much hacking is OK before we cross the line? The term "ethical hacking" seeks to distinguish the good side of the force: those who help vendors and administrators identify bugs and vulnerabilities, disclose them to the proper entities and thus ensure that the world becomes a better place. Responsible disclosure (RD) is a de-facto norm on the internet.

But what terms and processes do we need to define first in order to talk about RD? Are there legal prerequisites before we can shout it out, especially to the media?

Gorazd Božič is the Head of the Slovenian national Computer Emergency Response Team (SI-CERT), which was established in 1995. Between 2000 and 2008 Gorazd was the Chairman of the European CERT group TF-CSIRT, which brings together all known CERTs in the wider European region and provides the accreditation and certification programme for CERTs, the Trusted Introducer. Gorazd is involved in national awareness-raising programmes for cyber security and has been the Slovenian representative to the Management Board of ENISA, the European Network and Information Security Agency, since its formation in 2004.


[Slides (PDF)] [Recording (MP4)] [Recording (OGV)]
