|
|
|
|
|
|
by jahav
900 days ago
|
|
|
That is already part of CRA: > It is of particular importance for manufacturers to ensure that their products do not contain vulnerable components developed by third parties. > Manufacturers shall, upon identifying a vulnerability in a component, including in an open source component, which is integrated in the product with digital elements, report the vulnerability to the person or entity maintaining the component. EDIT: Also, I concur the poster below. It's developers who oppose against management to allocate time for bugs and technical debt instead of new features. |
|
|