Pall Mall Process Aims to Define Responsible Commercial Cyber Intrusion Practices
Summary
Hide ▲
Show ▼
The Pall Mall Process, initiated by the UK and France in 2024, is entering its second phase to define guidelines for responsible behavior in the commercial cyber intrusion capabilities (CCICs) industry. This initiative involves 27 governments and tech giants like Google, Microsoft, Apple, and Meta, aiming to limit the trade in commercial spyware and zero-day exploits. The process seeks to maximize the positive use of CCICs while eradicating harmful practices. The NCSC considers CCICs to include vulnerability research, exploit development, malware creation, hacking-as-a-service, and access-as-a-service. The guidelines will complement the existing Code of Practice for States, signed by the 27 nations last year.
Timeline
-
03.12.2025 12:35 1 articles · 23h ago
Pall Mall Process Enters Second Phase to Define Responsible CCICs Guidelines
The Pall Mall Process, initiated by the UK and France in 2024, is entering its second phase to define guidelines for responsible behavior in the commercial cyber intrusion capabilities (CCICs) industry. The initiative involves 27 governments and major tech companies, aiming to limit the trade in commercial spyware and zero-day exploits. The guidelines will complement the existing Code of Practice for States, signed by the 27 nations last year.
Show sources
- Pall Mall Process to Define Responsible Commercial Cyber Intrusion — www.infosecurity-magazine.com — 03.12.2025 12:35
Information Snippets
-
The Pall Mall Process was launched in 2024 by the UK and France, with 27 governments and major tech companies participating.
First reported: 03.12.2025 12:351 source, 1 articleShow sources
- Pall Mall Process to Define Responsible Commercial Cyber Intrusion — www.infosecurity-magazine.com — 03.12.2025 12:35
-
The initiative aims to define responsible behavior for private sector firms in the commercial cyber intrusion capabilities (CCICs) industry.
First reported: 03.12.2025 12:351 source, 1 articleShow sources
- Pall Mall Process to Define Responsible Commercial Cyber Intrusion — www.infosecurity-magazine.com — 03.12.2025 12:35
-
CCICs include vulnerability research, exploit development, malware creation, hacking-as-a-service, and access-as-a-service.
First reported: 03.12.2025 12:351 source, 1 articleShow sources
- Pall Mall Process to Define Responsible Commercial Cyber Intrusion — www.infosecurity-magazine.com — 03.12.2025 12:35
-
The market for CCICs is growing, with new zero-day vulnerabilities being discovered and patched regularly.
First reported: 03.12.2025 12:351 source, 1 articleShow sources
- Pall Mall Process to Define Responsible Commercial Cyber Intrusion — www.infosecurity-magazine.com — 03.12.2025 12:35
-
In early November, CISA ordered federal agencies to patch a zero-day flaw used in attacks on WhatsApp users with Samsung devices.
First reported: 03.12.2025 12:351 source, 1 articleShow sources
- Pall Mall Process to Define Responsible Commercial Cyber Intrusion — www.infosecurity-magazine.com — 03.12.2025 12:35
-
In October, the boss of a US defense contractor pleaded guilty to selling zero-day exploits to a Russian broker linked to the Kremlin.
First reported: 03.12.2025 12:351 source, 1 articleShow sources
- Pall Mall Process to Define Responsible Commercial Cyber Intrusion — www.infosecurity-magazine.com — 03.12.2025 12:35