Coordinated Vulnerability Disclosure: A Quick Win for Cyber Norms and Software Security

In 2015, UN member states committed themselves to fostering software supply chain security, write Alexandra Paulus and Bart Hogeveen for Directions Blog. But the issue has since been neglected in international forums, even as software supply chain compromises have severely impacted individuals, companies and societies. To begin to close this implementation gap, diplomatic action should focus on global promotion of processes of coordinated vulnerability disclosure (CVD). This would both strengthen domestic cybersecurity and demonstrate states’ commitments to the UN normative framework.