A group of cybersecurity experts have sent an open letter to EU officials, urging them to reconsider the vulnerability disclosure programs (VDPs) requirements for organizations in the proposed Cyber Resilience Act (CRA). While the inclusion of VDPs is a fundamental component of European cyber-resilience, the CRA has flaws due to potential risks such as exposure to malicious actors, chilling effect on good faith researchers, and misuse of vulnerability information. The Act requires software manufacturers to notify ENISA of vulnerabilities being actively exploited within 24 hours, which could lead to widespread knowledge about unmitigated vulnerabilities and create a tempting target for malicious actors.
In a related post, The Register reports on concerns within the open-source software community, who fear the CRA will strangle software development.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.