cyber resiliance act
Open Letter: Make vulnerability disclosure in the Cyber Resilience Act more secure, not less
The CRA would require organisations to disclose software vulnerabilities to government agencies within 24 hours of exploitation. However, such recently exploited vulnerabilities are unlikely to be mitigated within such a short time, leading to real-time databases of software with unmitigated vulnerabilities in the possession of potentially dozens of government agencies. Read the open letter.