As concerned cybersecurity experts who have dedicated our lives to improving the security of the online environment, we urge you to reconsider the vulnerability disclosure requirements under the proposed EU Cyber Resilience Act (CRA). While we appreciate the CRA’s aim to enhance cybersecurity in Europe and beyond, we believe that the current provisions on vulnerability disclosure are counterproductive and will create new threats that undermine the security of digital products and the individuals who use them.

Download Full Text Below

Read Next

EU’s Cyber Resilience Act Enters Into Force

New product cybersecurity requirements are coming to the EU single market after years of intense debate and negotiation in Brussels, as the European Union’s Cyber Resilience Act officially enters into force.

Through the Looking Glass: An Updated Vision for the Office of the National Cyber Director

The ONCD was established to advise the President on cybersecurity and has matured into a key component of cybersecurity policymaking. However, changes are needed to ensure the efficacy of the office, especially as it relates to other agencies.

A Partial Win for AI Red-Teaming from the Copyright Office

The U.S. Copyright Office clarified legal rules for AI trustworthiness research and red-teaming under Section 1201 of the Digital Millennium Copyright Act and AI red-teamers have cause to celebrate, however, there is some not-so-great news too.