Why I'm in Favor of the EU Cyber Resilience Act and You Should Be Too

I like the EU Cyber Resilience Act! There, I said it! Yes, this will make companies nervous in the short term, but this regulation is a watershed moment that will fundamentally shift how digital products are secured and maintained! This will FORCE the industry to adapt in more transparent and accountable ways.

I don’t like regulations in the tech world but will support such extreme measures when companies are not doing what is best for their customers. In this case, the industry has chosen not to voluntarily support good security practices such as these in the past. They often keep customers in the dark when attackers are running rampant and exploiting weaknesses in their products until they have a fix ready. Customers, if informed in a timely way, may be able to mitigate risks in other ways while waiting for a patch. But not if the company purposely chooses to keep them in the dark. So now, customers may be able to hold manufacturers accountable if they choose not to be forthcoming.

There are several aspects to this act which is designed to inform and protect consumers of digital products:

1. Notification of exploitation (when vulnerabilities are being used by attackers to victimize targets)

2. Security patching support for the lifetime of the product

3. Differentiation between security and functionality updates where feasible

Those companies who are worried about reporting, when attackers are exploiting vulnerabilities in their products, are basically saying they don’t want their customers to be aware.

I find the arguments against this act are outdated. My favorite illogical argument is that “if we report when our products are exploited, then attackers will exploit them more” Um, the genie is already out of the bottle. How about doing the decent thing and informing your customers that they are at serious risk of being victimized!

E-mail me when people leave their comments –

CISO and Cybersecurity Strategist

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

Best of the World Talks on The CISO's Journey: From Expert to Leader

  • Description:

    We are hosting an exclusive "Best of the World" Talks session on "The CISO’s Journey: From Expert to Leader" featuring David B. Cross (SVP & CISO at Oracle), Bikash Barai (Co-founder of CISO Platform & FireCompass) & David Randleman (Field CISO at FireCompass).

    The journey from cybersecurity expert to strategic leader is a transformative one for CISOs. This session delves into the stages of a CISO’s evolution, the balance…

  • Created by: Biswajit Banerjee
  • Tags: ciso