Some may criticize regulations, but the EU-mandated cyber-resilience act (CRA) actually forced companies to have a clear contact point for vulnerabilities reporting, and to act upon it.
2026-09-11, save the date folks. That's when all companies selling products with digital elements in the EU have to have a reporting pipeline for actively exploited vulnerabilities and severe incidents.