Advancing Coordinated Vulnerability Disclosure (CVD) Practices for the CRA
Horizontal standards for vulnerability requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
The work focuses on improving the implementation of Coordinated Vulnerability Disclosure (CVD) in line with the Cyber Resilience Act (CRA). This includes analyzing existing standards (ISO/IEC 29147, ISO/IEC 30111, and ETSI EN 303 645), developing a practical adoption guide, and presenting recommendations to the pertinent working groups.
What is the expected result and impact of this activity?
The expected result is a clear and actionable guide for organizations to comply with the CRA, identifying regulatory gaps and proposing concrete solutions. The expected impact is improved regulatory clarity, enhanced vulnerability management, and a stronger, more secure digital ecosystem in Europe.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
The work focuses on the standardization of vulnerability handling, particularly the adoption of CVD policies as required by the CRA, ensuring coherence across standards and their application in sectors like IoT.
