Explore the complexities of vulnerability disclosure in cybersecurity through this 38-minute conference talk by Jeroen van der Ham at Hack.lu 2017. Delve into the evolution of vulnerability disclosure practices from the 90s to the present, examining the rise of bug bounty programs and government involvement. Gain insights into how vulnerability disclosure has influenced EU policy-making, including debates on GDPR and the NIS directive. Understand the impact of high-level policy discussions on export control and dual-use goods in the international Wassenaar Arrangement. Learn about the intersection of policy-making with security and incident response, and consider ways to advance this field. Benefit from van der Ham's expertise as a security researcher at NCSC-NL, focusing on privacy, security, and ethics in security research.