As concerned cybersecurity experts who have dedicated our lives to improving the security of the online environment, we urge you to reconsider the vulnerability disclosure requirements under the proposed EU Cyber Resilience Act (CRA). While we appreciate the CRA’s aim to enhance cybersecurity in Europe and beyond, we believe that the current provisions on vulnerability disclosure are counterproductive and will create new threats that undermine the security of digital products and the individuals who use them.
Download Full Text Below
Read Next
Beyond Buzzwords: What Public Views on Scanning and Encryption Mean for Policymakers
Public support for content scanning and encryption backdoors drops when tradeoffs are made clear. This survey of Nordic countries shows people prioritize privacy and security over harm detection, and lack trust in institutions to govern access.
Center for Cybersecurity Policy and Law to the European Commission: Proposed Measures on Search Data Sharing Raise Security Concerns
The Center for Cybersecurity Policy & Law issued comments in response to DMA.100209 – Alphabet – Article 6(11) -- warning of the security and privacy risks of proposed data sharing requirements.
Who Controls Whether Your AI Agents Can Be Found? Takeaways from RSA Roundtable on the AI Agent Discovery Gap
Agentic AI emerged as a defining theme at RSAC 2026 and among the many questions raised was how will AI agents discover one another and who determines whether they can be discovered at all?
