Over 130 participants gathered at the conference entitled "Responsible disclosure of security vulnerabilities", which took place on Tuesday, May 09, 2017 in co-organizing with the Information Commissioner, SI-CERT and the Institute for Corporate Security Studies. Such a massive participation has shown that the issues of responsible security disclosure are extremely topical and that this process brings many open dilemmas in its implementation. In the introductory part Mrs. Mojca Prelesnik, the Information Commissioner, gave a brief presentation of some basic hints and outstanding issues, which later served as a support for the discussion at the round table.
Later, Denis Čaleta, President of the Slovenian Corporate Security Association, together with invited guests, tried to open important dilemmas in the area of responsible disclosure of security vulnerabilities. In the debate, Gorazd Božič, SI CERT, Mr. Tadej Vodopivec, COMTRADE, MSc. Damijan Marinšek, Ministry of Public Administration, dr. Matej Kovačič / Jožef Stefan Institute / Slo- Tech, Mr. Igor Rojs, Specialized State Prosecutor's Office and dr. Sabina Zgaga, the Constitutional Court of the Republic of Slovenia tried to continue the debate on the basis of previous events, where the topic was opened. Particular emphasis was placed on the debate on the legal aspects of the process, and of course the need for the legislator to define in more detail the responsible disclosure of security vulnerabilities. Of course, the discussion also focused on the detailed clarification and definition of entities that carry out responsible disclosure of security vulnerabilities.
Within a few days, the websites of all three organizations that have organized the event will be accessible video of the event with conclusions. These will certainly be a welcome foundation for the continuation of the public debate.
Members of the Slovenian Corporate Security Association added special value to the event, who as important representatives of Critical Infrastructure Managers have opened important hubs that will need to be taken into account for the effective management of this process.
Introductory presentation of the Information Commissioner is in a pdf presentation below.