* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, June 4, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    California Mid-State Fair announces entertainment lineups for Frontier and Mission stages – KSBY News

    Exciting Entertainment Lineup Unveiled for California Mid-State Fair’s Frontier and Mission Stages!

    Spotify & OpenAI: Will Gen AI ‘Hollow Out’ Entertainment? – Technology Magazine

    Will Generative AI Transform the Future of Entertainment

    Author Richard Russo Will Speak At Sandwich Town Hall – CapeNews.net

    Join Us for an Inspiring Evening with Author Richard Russo at Sandwich Town Hall!

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Salem’s Harborwalk Garden Cultivates Community with Entertainment, Food, and Events – 105.7 WROR

    Discover the Vibrant Community Spirit at Salem’s Harborwalk Garden: A Hub for Entertainment, Food, and Fun!

    Entertainment-Focused Narrative and Culture Change Practice – New America

    Transforming Culture Through Engaging Entertainment Narratives

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    When fiction becomes fact: 3 pieces of modern technology inspired by Star Trek – Redshirts Always Die

    From Screen to Reality: 3 Modern Technologies Inspired by Star Trek

    The Isfahan Center for Nuclear Technology – UCF, ZPP, and IRR10 – Alma Research and Education Center

    Exploring the Isfahan Center for Nuclear Technology: Innovations and Insights from UCF, ZPP, and IRR10

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    AI for lawyers: Win back your time using technology – nationaljurist.com

    Reclaim Your Time: How AI is Transforming the Legal Profession

    Prosecutors accuse men of exporting U.S. military technology to China – Milwaukee Journal Sentinel

    Men Charged with Illegally Exporting U.S. Military Technology to China

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    California Mid-State Fair announces entertainment lineups for Frontier and Mission stages – KSBY News

    Exciting Entertainment Lineup Unveiled for California Mid-State Fair’s Frontier and Mission Stages!

    Spotify & OpenAI: Will Gen AI ‘Hollow Out’ Entertainment? – Technology Magazine

    Will Generative AI Transform the Future of Entertainment

    Author Richard Russo Will Speak At Sandwich Town Hall – CapeNews.net

    Join Us for an Inspiring Evening with Author Richard Russo at Sandwich Town Hall!

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Salem’s Harborwalk Garden Cultivates Community with Entertainment, Food, and Events – 105.7 WROR

    Discover the Vibrant Community Spirit at Salem’s Harborwalk Garden: A Hub for Entertainment, Food, and Fun!

    Entertainment-Focused Narrative and Culture Change Practice – New America

    Transforming Culture Through Engaging Entertainment Narratives

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    When fiction becomes fact: 3 pieces of modern technology inspired by Star Trek – Redshirts Always Die

    From Screen to Reality: 3 Modern Technologies Inspired by Star Trek

    The Isfahan Center for Nuclear Technology – UCF, ZPP, and IRR10 – Alma Research and Education Center

    Exploring the Isfahan Center for Nuclear Technology: Innovations and Insights from UCF, ZPP, and IRR10

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    AI for lawyers: Win back your time using technology – nationaljurist.com

    Reclaim Your Time: How AI is Transforming the Legal Profession

    Prosecutors accuse men of exporting U.S. military technology to China – Milwaukee Journal Sentinel

    Men Charged with Illegally Exporting U.S. Military Technology to China

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Cyber experts urge EU to rethink vulnerability disclosure plans

October 8, 2023
in Technology
Cyber experts urge EU to rethink vulnerability disclosure plans
Share on FacebookShare on Twitter

The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, experts claim

Sebastian Klovig Skelton

By

Sebastian Klovig Skelton,
Senior reporter

Published: 03 Oct 2023 14:15

Dozens of cyber security experts are urging the European Union (EU) to reconsider the “counterproductive” vulnerability disclosure requirements in its proposed Cyber Resilience Act (CRA), which they say opens the door to misuse by both threat actors and intelligence agencies.

Introduced in September 2022 by the European Commission (EC), the act builds on the EU’s cyber security Strategy and Security Union Strategy, and is intended to improve the security of all connected digital devices and the software they run for consumers across the bloc.

It imposes mandatory cyber security requirements and obligations on manufacturers by obliging them to provide ongoing security support and software patches, and to provide sufficient information to consumers about the security of their products.

On vulnerability disclosures specifically, Article 11 of the CRA states that software manufactures must notify the European Union Agency for cyber security (ENISA) of any vulnerabilities within 24 hours of their exploitation.

In an open letter to various EU officials – including Nicola Danti, the rapporteur for the CRA in the European Parliament; Thierry Breton, commissioner for internal market at the EC; and Carme Artigas Burga, Spain’s state secretary for digitalisation and artificial intelligence – dozens of cyber security exerts from a range of public and private sector organisations said the CRA’s disclosure provisions will create new threats that undermine the security of digital products and the individuals who use them.

“[Article 11] means that dozens of government agencies would have access to a real-time database of software with unmitigated vulnerabilities, without the ability to leverage them to protect the online environment and simultaneously creating a tempting target for malicious actors,” they wrote, adding there are several risks associated with rushing the disclosure process and widely disseminating information about unmitigated vulnerabilities.

This includes the potential for misuse by European governments, an increased risk of vulnerabilities being disclosed to malicious threat actors, and its potentially chilling effect on good faith security research.

“Government access to a wide range of unmitigated software vulnerabilities could be misused for intelligence or surveillance purposes. The absence of restrictions on offensive uses of vulnerabilities disclosed through the CRA and the absence of transparent oversight mechanism in almost all EU member states open the doors to potential misuse,” they wrote.

“Breaches and the subsequent misuse of government-held vulnerabilities are not a theoretical threat, but have happened at some of the best protected entities in the world. While the CRA does not require a full technical assessment to be disclosed, even the knowledge of a vulnerability’s existence is sufficient for a skillful person to reconstruct it.”

On how it affects security research, the cyber security experts added the disclosure measures may interfere with collabroaiton between software publishers and security resaearchers, who need time to veriy, test and patch vulnerabilities before making them public knowledge.

“As a result, the CRA may reduce the receptivity of manufacturers to vulnerability disclosures from security researchers, and may discourage researchers from reporting vulnerabilities, if each disclosure triggers a wave of government notifications,” they wrote.

“While the intention behind disclosing vulnerabilities promptly may be to facilitate mitigation, CRA already requires software publishers to mitigate vulnerabilities without delay in a separate provision. We support this obligation, but also advocate for a responsible and coordinated disclosure process that balances the need for transparency with the need for security.”

As an alternative, the experts recommend adopting a “risk-based approach” that takes into account the severity of the vulnerability, the availability of mitigations, the potential impact on end users, and the likelihood of its broader exploitation.

As such, they have also recommended either completely removing the Article 11 provisions, or at least revising them to protect against the threats they outlined.

The additional revisions suggested include explicitly prohibiting government agencies from using or sharing disclosed vulnerabilities for intelligence or surveillance purposes; changing the reporting requirements to only include mitigatable vulnerabilities within 72 hours of a patch; and to completely exclude reporting of vulnerabilities identified through good faith security research.

“In contrast to malicious exploitation of a vulnerability, good faith security research does not pose a security threat,” they wrote, adding that ISO/IEC 29147 should be reference in the CRA and used as a baseline for all EU vulnerability reporting.

Alex Rice, co-founder and chief technology officer at HackerOne, added that while the intentions of the legislation are good, the proposed disclosure requirements directly conflict with established best practice in the area.

“Reporting highly sensitive data into only a handful of EU government agencies creates a strong incentive for bad actors to breach those hubs and acquire vulnerabilities to attack susceptible organisations – among a whole host of other risks. An increased risk of breach for organisations will also significantly complicate managing reports from the security researcher community, making organisations less receptive to good-faith security research,” he said.

“Everyone suffers when these vulnerabilities are prematurely reported. Parliament should revise the CRA only to require disclosure once vulnerabilities are patched.”

In June 2023, the European Digital Rights Group (EDRi) and 10 other civil society groups wrote a similar open letter raising concerns about the disclosure of unmitigated vulnerabilities.

“Such recently exploited vulnerabilities are unlikely to be mitigated within such a short time, leading to real-time databases of software with unmitigated vulnerabilities in the possession of potentially dozens of government agencies,” they wrote at the time.

“The more this kind of information is spread, the more likely it is to be misused for state intelligence or offensive purposes, or to be inadvertently exposed to adversaries before a mitigation is in place. In addition, laws that require disclosure of unmitigated vulnerabilities to government agencies create an international precedent that may be reflected by other countries.”

Read more on IT governance


Microsoft: Nation-state cyber espionage on rise in 2023

SebastianKlovig Skelton

By: Sebastian Klovig Skelton


Infosec experts divided on SEC four-day reporting rule

ArielleWaldman

By: Arielle Waldman


US cyber breach reporting rules to have global impact

AlexScroxton

By: Alex Scroxton


Hacking Policy Council launches, aims to improve bug disclosure

AlexanderCulafi

By: Alexander Culafi

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366554133/Cyber-experts-urge-EU-to-rethink-vulnerability-disclosure-plans

Tags: CyberExpertstechnology
Previous Post

Amnesia hides names of individuals behind Post Office’s ‘head on a spike’ strategy

Next Post

IT decision-makers confident they can handle tech disruptions

Nvidia reclaims crown as world’s most valuable company as $1 trillion rally continues – Yahoo Finance

Nvidia reclaims crown as world’s most valuable company as $1 trillion rally continues – Yahoo Finance

June 4, 2025
Americans Are Worried About These 3 Aspects of the Economy — Should They Be? – MSN

Are Americans Right to Worry? Unpacking 3 Key Economic Concerns

June 4, 2025
California Mid-State Fair announces entertainment lineups for Frontier and Mission stages – KSBY News

Exciting Entertainment Lineup Unveiled for California Mid-State Fair’s Frontier and Mission Stages!

June 4, 2025
Altera Digital Health Collaborates With MCAG Amid $2.8B Blue Cross Blue Shield Provider Settlement – Business Wire

Altera Digital Health Teams Up with MCAG Following Major $2.8B Blue Cross Blue Shield Settlement

June 4, 2025
Appeals court upholds New York’s Reproductive Health Act – Spectrum News

Victory for Women’s Rights: Appeals Court Affirms New York’s Reproductive Health Act

June 4, 2025
When fiction becomes fact: 3 pieces of modern technology inspired by Star Trek – Redshirts Always Die

From Screen to Reality: 3 Modern Technologies Inspired by Star Trek

June 4, 2025
Busy summer sports slate includes Jake Paul vs. Julio Caesar Chavez, Canelo-Crawford bout – El Paso Times

Busy summer sports slate includes Jake Paul vs. Julio Caesar Chavez, Canelo-Crawford bout – El Paso Times

June 4, 2025
Experimental ecology and the balance between realism and feasibility in aquatic ecosystems – Nature

Experimental ecology and the balance between realism and feasibility in aquatic ecosystems – Nature

June 4, 2025
The Science of Scent: How Israeli Innovation is Redefining Perfume and Wellness – The Jerusalem Post

Unlocking the Power of Scent: How Israeli Innovations are Transforming Perfume and Wellness

June 4, 2025
Accidental discovery at New York planetarium unlocks secret into universe’s inner workings – PBS

Serendipitous Find at New York Planetarium Reveals Secrets of the Universe!

June 4, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (665)
  • Economy (680)
  • Entertainment (21,586)
  • General (15,261)
  • Health (9,722)
  • Lifestyle (682)
  • News (22,149)
  • People (680)
  • Politics (689)
  • Science (15,899)
  • Sports (21,184)
  • Technology (15,666)
  • World (667)

Recent News

Nvidia reclaims crown as world’s most valuable company as $1 trillion rally continues – Yahoo Finance

Nvidia reclaims crown as world’s most valuable company as $1 trillion rally continues – Yahoo Finance

June 4, 2025
Americans Are Worried About These 3 Aspects of the Economy — Should They Be? – MSN

Are Americans Right to Worry? Unpacking 3 Key Economic Concerns

June 4, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version