Establishing a Global Community of Practice on Coordinated Vulnerability Disclosure (CVD)
CVE/FIRST VulnCon 2025 · Main Stage
In an increasingly interconnected digital landscape, the effective management and disclosure of cybersecurity vulnerabilities are paramount. This talk, delivered by Tomo Ito of JPCERT/CC and Justin Murphy of CISA, introduces a significant new initiative: the establishment of a **Global Community of Practice on Coordinated Vulnerability Disclosure (CVD COP)**. The presentation delves into the critical need for enhanced international cooperation in CVD, highlighting the complexities introduced by global supply chains, diverse cultural contexts, and evolving regulatory frameworks such as the EU Cyber Resilience Act (CRA).
AI review
A competent, well-intentioned policy/community talk from two credible speakers who actually hold the seats they're describing. JPCERT/CC and CISA standing up a formal global CVD community of practice is a real thing that matters to practitioners in this space, and the speakers are close enough to the work to speak with authority. But the talk itself delivers less signal than the initiative deserves — it's heavy on framing, light on specifics, and the 'proof of concept' is just the fact that the group exists and has met monthly. For a VulnCon audience that already understands CVD mechanics…