Contribution to Standards for Vulnerability Management and Security by Design
Horizontal standards for vulnerability requirements
Horizontal standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
The work consists of contributing to horizontal standards related to vulnerability handling, structured reporting, and traceability of security activities. This includes drafting input for harmonized processes around vulnerability lifecycle management, improving transparency across stakeholder roles, and ensuring alignment with real-world workflows used by security teams. The goal is to bring practical, field-tested insights into the standardization of reporting, coordination, and auditability processes that support secure product development and post-market security management.
What is the expected result and impact of this activity?
The expected result is a set of practical contributions to the standardization process under the Cyber Resilience Act, particularly in the area of secure vulnerability handling, reporting workflows, and end-user transparency. These contributions aim to strengthen harmonized European cybersecurity standards and improve secure-by-design implementation across digital products and services. The broader impact includes enhanced alignment with EU policy objectives, increased adoption of secure development practices, and better preparedness of organizations to meet CRA compliance and resilience goals.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
The focus is on horizontal standards related to vulnerability handling and secure development processes, specifically structured vulnerability reporting, secure default configurations, and post-market security support. Additionally, the work includes contributions to improving auditability, traceability of security activities, and transparency between developers, security teams, and end-users.
