We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - FOI/EIR release

Criteria used in the Scottish Government’s vulnerability disclosure policy: FOI release

Published
15 April 2021
Directorate
Digital Directorate
Topic
Public sector, Work and skills
FOI reference
FOI/202100177952
Date received
17 March 2021
Date responded
23 March 2021

Information request and response under the Freedom of Information (Scotland) Act 2002

Information requested

What criteria is used to determine “good faith” security research, as outlined in the Scottish Government’s Vulnerability Disclosure Policy.

Response

The answer to your question is, in the context of the Vulnerability Disclosure Policy, ‘good faith’ is assessed by the ethics shown by the researcher in respect of actions carried out to probe vulnerabilities. Specifically the intent to disclose the vulnerability to the Scottish Government as soon as possible, and not to disclose it elsewhere or exploit it in any way.

About FOI
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact

Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrews House
Regent Road
Edinburgh
EH1 3DG

Back to top