European Union: Published ENISA report on Developing National Vulnerability Programmes 2023

On 16 February 2023, the European Union Agency for Cybersecurity (ENISA) published a second report on the EU Member States' Coordinated Vulnerability Disclosure (CVD) policies. The ENISA report aims to create an integrated approach in the European Union and address the high level of fragmentation of CVD policies and initiatives across EU Member States. The report includes policy recommendations while also providing an overview of technical, legal and collaborative challenges. The CVD is a process by which researchers work with information and communications technology vendors and infrastructure owners to inform them of security vulnerabilities. In this process, the vulnerabilities identified are made public after the vendor resolves them.