The European Cyber Resilience Act
The European Cyber Resilience Act
Posted Sep 24, 2023 6:55 UTC (Sun) by riking (subscriber, #95706)Parent article: The European Cyber Resilience Act
> The obligation to notify about all issues also breaks normal disclosure processes. These days, vendors disclose vulnerabilities only after a fix is available. [..] The industry typically uses 90 days,
Note that the Google policy that set the 90-day standard uses 7 days for "actively exploited vulnerabilities".