Dozens of global cybersecurity experts have raised concerns about the proposed vulnerability disclosure requirements of the EU’s Cyber Resilience Act (CRA). An open letter signed by representatives from a wide range of organizations including Google, the Electronic Frontier Foundation, the CyberPeace Institute, ESET, Rapid7, Bugcrowd, and Trend Micro claimed that the current provisions on vulnerability disclosure are counterproductive and will create new threats that undermine the security of digital products and the individuals who use them.
