EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Cyber Resilience Act: cyber experts opposed to vulnerability disclosures

    Cyber Resilience Act: cyber experts opposed to vulnerability disclosures

    Written by
    The Editorial Team
    10.09.23
    Digital Sovereignty
    01
    MIN
    Cyber Resilience Act: cyber experts opposed to vulnerability disclosures
    Cyber Resilience Act: cyber experts opposed to vulnerability disclosures
    Cyber Resilience Act: cyber experts opposed to vulnerability disclosures
    Image DORA: A Structural Revolution is underway
    Digital Sovereignty
    01.24.25 Digital Sovereignty
    Next article
    DORA: A Structural Revolution is underway
    Read
    06
    MIN
    Image Yann Bonnet: "Reflections and Perspectives for Campus Cyber"
    Cybersecurity
    01.05.25 Cybersecurity
    Next article
    Yann Bonnet: “Reflections and Perspectives for Campus Cyber”
    Read
    09
    MIN
    Image United States: A tech opponent to lead the Justice department's Antitrust division
    Digital Sovereignty
    12.09.24 Digital Sovereignty
    Next article
    United States: A tech opponent to lead the Justice department’s Antitrust division
    Read
    02
    MIN
    Image Linking health insurance card and Id Card: a good idea to combat social fraud?
    Digital Sovereignty
    11.19.24 Digital Sovereignty
    Next article
    Linking health insurance card and Id Card: a good idea to combat social fraud?
    Read
    04
    MIN

    European bill will require software publishers to disclose any uncovered vulnerability to government agencies.

    Around fifty cybersecurity experts have asked European authorities to review the vulnerability disclosure requirement of the Cyber Resilience Act (CRA), in an open letter published on October 3, 2023. The petitioners are demanding the removal, or at least serious revision, of the European bill’s Article 11, which is currently under discussion.

    Indeed, the article requires software publishers to disclose their unpatched vulnerabilities to European governing bodies within 24 hours of their discovery. “This means dozens of government agencies would have access, in real time, to a database of software programs that have yet to be patched,” reads the letter.

    According to cyber experts, rushing the disclosure process in such a way entails three major risks:

    • EU governments exploiting the vulnerabilities for intelligence or espionage purposes;
    • threat actors attempting to steal the unpatched vulnerability databases;
    • a disruption of the partnership between researchers who track vulnerabilities and software publishers.

    Moreover, the petitioners highlight that “the CRA already requires software publishers to mitigate vulnerabilities without delay (…). We support this requirement, but call for a responsible and coordinated disclosure process, which balances the need for transparency and the need for security.”

    The Editorial Team
    10.09.23
    Articles by the same author:
    1
    02.06.25 Cyber +
    Sophos completes the acquisition of Secureworks for $859 million
    Read
    01
    MIN
    2
    02.06.25 Fraud
    The FBI and Dutch police dismantle the phishing group The Manipulaters
    Read
    02
    MIN
    3
    02.03.25 Cyber stability
    Paragon spyware targeted WhatsApp users
    Read
    01
    MIN
    4
    02.03.25 Cybercrime
    Europol coordinated the takedown of the cybercriminal forums Cracked and Nulled
    Read
    01
    MIN
    Image DORA: A Structural Revolution is underway
    Digital Sovereignty
    01.24.25 Digital Sovereignty
    Next article
    DORA: A Structural Revolution is underway
    Read
    06
    MIN
    Image Yann Bonnet: "Reflections and Perspectives for Campus Cyber"
    Cybersecurity
    01.05.25 Cybersecurity
    Next article
    Yann Bonnet: “Reflections and Perspectives for Campus Cyber”
    Read
    09
    MIN
    Image United States: A tech opponent to lead the Justice department's Antitrust division
    Digital Sovereignty
    12.09.24 Digital Sovereignty
    Next article
    United States: A tech opponent to lead the Justice department’s Antitrust division
    Read
    02
    MIN
    Image Linking health insurance card and Id Card: a good idea to combat social fraud?
    Digital Sovereignty
    11.19.24 Digital Sovereignty
    Next article
    Linking health insurance card and Id Card: a good idea to combat social fraud?
    Read
    04
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.