Demand 10: Vulnerabilities Must be Published
Nowadays secret services appear to exploit vulnerabilities, cause vulnerabilities and stockpile vulnerabilities for future exploitation. These security flaws can also be misused for criminal purposes. If, on the contrary, they are published, then it is very likely that developers fix them promptly -- however, a sufficient period must be allowed before their public disclosure. This heightens public awareness and trust in defensive security strategies.
Our detailed demands:
- Anyone has to disclose vulnerabilities responsibly and without inappropriate delay.
- Public institutions have a special responsibility to safeguard the integrity of information systems. This is a consequence of the constitutional right to [Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme].
Demand 11