EU Urged to Reconsider Cyber Resilience Act’s Bug Reporting within 24 Hours

October 3, 2023 | A group of 56 cybersecurity leaders, including professionals from ESET, Rapid7, the Electronic Frontier Foundation, and Google’s Vint Cerf, have criticized the European Union’s (EU) proposed one-day vulnerability disclosure requirement under the Cyber Resilience Act (CRA). In an open letter, they argue that the CRA’s requirement for software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of exploitation could create a tempting target for malicious actors and have a chilling effect on good-faith security researchers. They suggest that disclosing vulnerabilities prematurely may interfere with the coordination and collaboration between software publishers and security researchers.
