Joint statement raising concerns on unpatched vulnerability reporting in the Cyber Resilience Act

21 June 2023 - The proposed extension of vulnerability reporting to ‘unpatched’ vulnerabilities in the Cyber Resilience Act – meaning those to which there is no known fix – will severely harm our collective cybersecurity, rather than enhance it.
We – a diverse coalition of national, European and international associations active across different sectors - ask the European Parliament and Council to remove these obligations, and to instead focus on the reporting of patched vulnerabilities that have been actively exploited and pose a significant cybersecurity risk.

Download Joint Statement from Related Files