Cyber Mavens Slam Europe’s Cyber Resilience Act

– Mihir Bagwe
A group of 56 cybersecurity experts have written an open letter to the European Union (EU) expressing concerns about a proposed mandate for software publishers to report zero-day exploits to the EU cybersecurity agency within 24 hours.
The experts argue that this requirement, part of the Cyber Resilience Act, could harm cybersecurity efforts rather than enhance them.
They claim that sharing information about actively exploited vulnerabilities in real time could lead to various negative consequences.
The letter highlights the risk of a real-time database of unmitigated vulnerabilities being accessed by multiple government agencies and potentially being targeted by hackers.
It also raises concerns about potential government misuse of the data for surveillance purposes.
The experts suggest that if the reporting requirement is not eliminated, certain measures should be implemented, such as prohibiting the use of exploit data for surveillance or offensive purposes, shifting the reporting deadline to 72 hours after patch issuance, and excluding vulnerabilities exploited for good-faith security research from reporting requirements.
The letter signatories include executives from notable cybersecurity companies and experts in the field.
Link: https://www.devicesecurity.io/cyber-mavens-slam-europes-cyber-resilience-act-a-23223

