Joint Industry Statement on Vulnerability Reporting Under the Cyber Resilience Act

Developers Alliance has joined a coalition of diverse national, European and international associations active across different sectors in raising concerns on unpatched vulnerability reporting in the Cyber Resilience Act.

Key Facts:

  • The statement refers to the proposed extension of vulnerability reporting to unpatched vulnerabilities in the Cyber Resilience Act, a draft regulation currently in the legislative process.
  • A legal obligation to report unpatched vulnerabilities is disproportionate and gives malicious actors an incentive to carry out further attacks. The risk is increased by the centralization of reported data.
  • The co-legislators are encouraged to focus instead on the reporting of patched vulnerabilities that have been actively exploited and pose a significant cybersecurity risk.

The statement can be found here.*

The following quote can be attributed to Karina Stan, Director of EU Policy of the Developers Alliance:

“A mandatory disclosure of unmitigated vulnerabilities will actually undermine the Cyber Resilience Act’s objective to boost the security of digital products. We encourage EU lawmakers to fix such flaws in the proposal and adopt a proportionate and viable legal framework.”

###

About The Developers Alliance

The Developers Alliance is the world’s leading advocate for software developers and the companies invested in their success. Alliance members include industry leaders in consumer, enterprise, industrial, and emerging software development, and a global network of more than 75,000 developers.

Press Contact

Heather Coull
Head of Marketing and Communications
617-688-0440
heather@developersalliance.org

By Karina Nimară

Director of EU Policy and Head of Brussels Office - Karina previously served as Legal Advisor and Internal Market attaché at the Permanent Representation of Romania to the EU. Prior to her work with the Romanian diplomatic mission, Karina spent ten years in European Union affairs within the Romanian Government. While there she coordinated, inter alia, the process for transposition and implementation of EU legislation. Karina holds a law degree and specializes in EU law and policies. Based in the Alliance’s Brussels office, she's a tech enthusiast, enjoying the dawn of the Age of Artificial Intelligence. Other than robots, she's fascinated with cats and owls.


©2023 Developers Alliance All Rights Reserved.