The EU Doesn't Understand CVD
·9 mins
Europe is putting cybersecurity at risk: not by neglect, but by misunderstanding. The EU’s current approach to CVD treats vulnerability reporters like trespassers instead of allies, and confuses Coordinated Vulnerability Disclosure with bug bounty programmes. The result? Fewer reports and more silent vulnerabilities. If we want NIS2 and the CRA to be sucessful, we must fix this. Fast.