But while identifying vulnerabilities can play an important role in your vulnerability management approach, how this information is collected can create legal and organisational challenges.

At the Beltug Debate Room on 1 June 2023, Beltug members came together to find out about and discuss the topic of how such vulnerabilities are identified and reported, the legal implications (especially for unauthorised ‘ethical hackers’), and the role of the Coordinated Vulnerability Disclosure Policy (CVDP).

Based on the discussions, we have summarised the most interesting insights on the new legal framework for coordinated vulnerability disclosure that has been adopted in Belgium, in a Beltug Paper: ‘From ‘criminal’ to ‘cyber hero’: Vulnerability management and the ethical hacker’

The Paper is available to our members after log in.