Hacker News
by smu 430 days ago
To provide some additional context to OP.

In the CRA, there’s (among others):

- reporting of actively exploited vulns or severe incidents to a national CERT

- reporting obligation of vulns to the provider of that vulnerable code

- mandatory vulnerability disclosure policy (to receive vuln reports)

- obligation to provide security updates and alert customers when a vuln has become known

We’ll see how well this is all followed, but from a security perspective these are all good ideas.