Reporting vulnerabilities in Belgium (WHY2025)

Chaos Computer Club - recent events feed · floort

August 9, 202547m 35s

Audio is streamed directly from the publisher (cdn.media.ccc.de) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

How noticing a vulnerability in a website has led to a foreign government threatening to revoke my permission to publicly discuss the existence of an abstract vulnerability class. Belgium has laws regulating the reporting and public disclosure of vulnerabilities. While the goal is to protect both organisations and reporters of vulnerabilities, the assumptions behind it conflict with the practice of coordinated vulnerability disclosure. I will discuss the parts of my experience I’m allowed to tell. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/3R8JLD/

Topics

2892025why2025Yearn for a better futureAndromedawhy2025-engDay 3

← All episodes of Chaos Computer Club - recent events feed