Valéry Vander Geeten & Stijn Jans
Responsible disclosure and bug bounty, the next level of security testing
“Ethical hacking” or bug bounty programs are well known in the ICT security Community. Coordinated Vulnerability disclosure policy (CVDP), also called responsible disclosure policy, is a set of rules set up by an organization responsible for an information or communication technology system to enable collaboration between it and a security researcher or the general public, who wants to search or has discovered a potential security vulnerability in its systems, services or products. These rules should allow for an eventual disclosure of this security vulnerability in a responsible, coordinated and prepared manner between the security researcher (or the general public) and the responsible organization. In Belgium, the use of those policies is subject to legal issues. However, it is possible to apply such policies within the Belgian actual legal frame, subject to certain conditions and best practices.
Valéry is the Legal Officer of the Centre for Cybersecurity Belgium (as well of the federal service CERT.be which is a part of the CCB) and he is a former lawyer at the Brussels Bar. He is in charge of the legal aspect of the activities of the CCB and the CERT.be, including the implementation of the NIS directive (EU directive 2016/1148) in Belgium. Valéry is also a teacher assistant at the Law Faculty of the University of Brussels (ULB).
Stijn is the founder of intigriti, a crowdsourced security platform where security researchers meet and communicate with companies in a safe way. Previous to his role at intigriti, Stijn founded the Security Factory. The Security Factory is a security consultancy company with its main focus on penetration testing.
Valéry Vander Geeten
Legal Officer @ Centre for Cybersecurity Belgium
Founder @ intigriti