Developing National Vulnerability Programs and Initiatives

Pre Information Notice

Feb 18, 2022

Negotiated Procedure

Maximum budget: €65.000,00

During 2022, ENISA continues to support and assist Member States in establishing and implementing vulnerability disclosure policies. Actions include supporting Member States with guidelines, organizing workshops to encourage knowledge and information sharing, and doing research to provide assistance, advice, best practices and know how.

As part of its effort, specifically under Activity 2, Output 2.4, ENISA would like to engage with the industry, authorities and research community to produce a report on developing national vulnerability programs and initiatives.

With this tender, ENISA aims to procure services to research, identify and capture initiatives, good practices and case studies that can support the development of national vulnerability programs. 

This project should include at least the following activities: 

  1. Capture industry expectations regarding the implementation of national CVD policies
  2. Identify legal barriers for security researchers and recommend ways to overcome them
  3. Engage with industry, and national cybersecurity agencies in order to research trends on the use of open-source software under the prism of vulnerabilities
  4. Engage with industry experts and national cybersecurity agencies to research and discuss automation initiatives concerning vulnerability prioritization and treatment
  5. Engage with bug bounty experts, industry and national cybersecurity agencies to research and discuss the future of outsourcing security via bug bounty programs (paying by impact instead of work) vs training and encouraging security by design and in advance.

If you are interested in being invited to take part in this upcoming tender procedure, then please 'submit your interest' before the deadline, using the link below or via the eSubmission link.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information