Developers Alliance Joins Experts in Urging EU Lawmakers to Revisit Vulnerability Disclosure Rules in the Proposed EU Cyber Resilience Act

Bruce Gustafson, President and CEO of Developers Alliance, has co-signed a joint letter with industry experts calling on EU lawmakers to reconsider the vulnerability disclosure requirements under the proposed EU Cyber Resilience Act (CRA).

Article 11 of the CRA requires software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of exploitation.

Key Facts

This requirement raises serious risks, such as:

  • misuse for intelligence and surveillance
  • exposure to malicious actors
  • a chilling effect on good-faith researchers.

The cybersecurity experts recommend that Article 11, paragraph 1, be either removed in its entirety or revised to address the issues mentioned above.

The letter can be read here.

The following quote can be attributed to Bruce Gustafson, President and CEO of Developers Alliance:

“Putting up a billboard saying the locks are broken on your neighbor’s front door isn’t a smart security practice. The software community has developed a robust and time-tested procedure for reporting and acting on product security issues; at its core it provides a critical window for creating and propagating a fix before making a weakness public and inviting bad actors to exploit it. The fact that the experts with the most knowledge are all warning against this policy change should be warning enough for lawmakers to avoid a mistake that puts the public at risk.”

###

About The Developers Alliance

The Developers Alliance is the world’s leading advocate for software developers and the companies invested in their success. Alliance members include industry leaders in consumer, enterprise, industrial, and emerging software development, and a global network of more than 75,000 developers.

Press Contact
Heather Coull
Head of Marketing and Communications
617-688-0440
heather@developersalliance.org

By Bruce Gustafson

Bruce is the President and CEO of the Developers Alliance, the leading advocate for the global developer workforce and the companies that depend on them. Bruce is also the founder of the Loquitur Group, a DC consulting firm, and the former VP and head of the DC Policy office of Ericsson, a global information and communications technology company, focusing on IPR, privacy, IoT, spectrum, cybersecurity and the impact of technology and the digital economy. He has previously held senior leadership positions in marketing and communications at both Ericsson and Nortel, as well as senior roles in strategy and product management across wireless, optical and enterprise communication product portfolios.


©2023 Developers Alliance All Rights Reserved.