Edri-cra-discussion June 2023

edri-cra-discussion@mailman.edri.org

5 participants
1 discussions

[Sign-on] Open letter on vulnerability disclosure in the CRA

by Jan Penfrat (EDRi)

Dear EDRis, Thank you for allowing me to cross-post this so everyone has seen it: While the overall work on the Cyber Resilience Act <https://edri.org/our-work/the-cyber-resilience-act-how-to-make-europe-more-…> is going rather well (as compared to other legislative dossiers I assume), one of the problems that still persists: The EP wants to compel manufacturers of connected devices to notify the EU's Agency for Cybersecurity ENISA <https://en.wikipedia.org/wiki/European_Union_Agency_for_Cybersecurity> about details of unpatched security vulnerabilities. Given EU member states' track record of state-sanctions hacking, we believe it's a bad idea to create government-run databases full of zero-day exploits. I have therefore drafted an open letter to lawmakers working on the CRA <https://cloud.edri.org/index.php/s/aK6BJD2DpTs2JkF> to fix that problem and would like to kindly ask you to *co-sign it individually if you can _by Monday, 12 June at noon_*. Please also let me know should you have any major concerns with the draft letter. Thanks a lot! Jan -- JAN PENFRAT SENIOR POLICY ADVISOR EUROPEAN DIGITAL RIGHTS Rue Belliard 12, B-1040 Brussels Matrix: @jan:penfrat.net Phone: +32 2 274 25 76 www.edri.org <https://www.edri.org>| Mastodon <https://eupolicy.social/@ilumium>| PGP <https://edri.org/files/pgp-keys/janpenfrat.asc> Subscribe to the EDRi-gram to become a digital rights connoisseur! <https://edri.org/take-action/edri-gram/> Subscribe to the EDRi-gram. <https://edri.org/take-action/edri-gram/>

10 months, 1 week

2024

2023

Edri-cra-discussion June 2023 ----- 2024 ----- April 2024 March 2024 February 2024 January 2024 ----- 2023 ----- December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023

Edri-cra-discussion June 2023