Developers Alliance has joined a coalition of diverse national, European and international associations active across different sectors in raising concerns on unpatched vulnerability reporting in the Cyber Resilience Act.
Key Facts:
- The statement refers to the proposed extension of vulnerability reporting to unpatched vulnerabilities in the Cyber Resilience Act, a draft regulation currently in the legislative process.
- A legal obligation to report unpatched vulnerabilities is disproportionate and incentivizes malicious actors for further attacks. The risk is increased by the centralization of reported data
- The co-legislators are encouraged to focus instead on the reporting of patched vulnerabilities that have been actively exploited and pose a significant cybersecurity risk.
The statement can be found here.*
The following quote can be attributed to Karina Stan, Director of EU Policy of the Developers Alliance:
“A mandatory disclosure of unmitigated vulnerabilities will actually undermine the Cyber Resilience Act’s objective to boost the security of digital products. We encourage EU lawmakers to fix such flaws in the proposal and adopt a proportionate and viable legal framework.”
###
About The Developers Alliance
The Developers Alliance is the world’s leading advocate for software developers and the companies invested in their success. Alliance members include industry leaders in consumer, enterprise, industrial, and emerging software development, and a global network of more than 75,000 developers.
Press Contact
Heather Coull
Head of Marketing and Communications
617-688-0440
heather@developersalliance.org
