Sada metodických, organizačních a právních nástrojů pro realizaci procedur odpovědného hlášení kyberbezpečnostních zranitelností a poskytnutí relevantních vzorových dokumentů (pravidla a podmínky RVDP, poskytnutí detailních vzorových podkladů, dokumentů atp. se zaměřením na soukromou i veřejnou správu vč. popisu relevantních parametrů)

Investor logo

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Title in English A set of methodological, organizational and legal tools for the implementation of procedures for responsible reporting of cybersecurity vulnerabilities and provision of relevant model documents (rules and conditions of the RVDP, provision of detailed mod
Authors

VOSTOUPAL Jakub LOUTOCKÝ Pavel MALINKA Kamil KASL František BLECHOVÁ Anna KRIŠTOFÍK Andrej KLEINER Jan POHANKA Lukáš SZABÓ Juraj STUPKA Václav SAYDUEVA KNAPOVÁ Alena ROHEL Vladimír HRABĚ Pavel MIENCIL Petr BŘEZA Radan DUŠEK Petr

Year of publication 2022
MU Faculty or unit

Faculty of Informatics

Citation
Description The first part of this document focuses on identifying risks related to organisational and technical aspects and then presents possible mitigation measures for the identified areas. This is followed by a third chapter which elaborates on selected most relevant legal obligations and related risks that may negatively affect the implementation of the RVDP. This chapter also presents potential solutions (e.g. by providing model wording) arising from the legislation. In the next section, model RVDP conditions are presented, suitable for inspiration in the Czech legal environment and in the context of this project. These are based on an analysis of a number of selected functional foreign projects and a synthesis of individual findings. This document concludes with an analysis of the motivational aspects of individual stakeholders to engage in RVDP and related recommendations that can increase the motivation of certain actors and strengthen the effectiveness of the deployed RVDP (including the bug bounty of adaptation of the RVDP programme or cooperation with other stakeholders). Further inspiration for setting RVDP terms and conditions and related contract templates can then be found in the annexes.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.

More info