OECD Global Forum on Digital Security for Prosperity

Session 2 – Open-source software and vulnerability treatment

Jul 10, 2024 | 2:10 PM - 2:55 PM

When it comes to vulnerabilities, both proprietary and open-source software face the same reality: the more complex the code, the more vulnerabilities there are, and despite all efforts to secure the code by design, some vulnerabilities still remain, as explained in recent OECD work. The solution to software vulnerabilities is their detection and resolution, including through vulnerability treatment and co-ordinated vulnerability disclosure (CVD), a collaborative process involving all stakeholders, from security researchers (detection, disclosure) to software editors (vulnerability handling and resolution) and users (patching and vulnerability management). In 2022, the OECD recommended the adoption of public policies to encourage vulnerability treatment. This session will explore the specificities of OSS with respect to vulnerability treatment, and the unique characteristics of its ecosystem.
