Vulnerability Coordination Under the Cyber Resilience Act
- URL: http://arxiv.org/abs/2412.06261v1
- Date: Mon, 09 Dec 2024 07:19:30 GMT
- Title: Vulnerability Coordination Under the Cyber Resilience Act
- Authors: Jukka Ruohonen, Paul Timmers
- Abstract summary: The Cyber Resilience Act (CRA) was recently agreed upon in the European Union (EU). It imposes many new cyber security requirements on practically all information technology products. The paper examines and elaborates the CRA's new requirements for vulnerability coordination, including vulnerability disclosure.
- Score: 0.21485350418225244
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: A new Cyber Resilience Act (CRA) was recently agreed upon in the European Union (EU). It imposes many new cyber security requirements on practically all information technology products, whether hardware or software. The paper examines and elaborates the CRA's new requirements for vulnerability coordination, including vulnerability disclosure. Although these requirements are only a part of the CRA's obligations for vendors, some new vulnerability coordination mandates are also present, particularly with respect to so-called actively exploited vulnerabilities. The CRA further alters the coordination practices on the side of public administrations. With the examination, elaboration, and associated discussion, the paper contributes to the study of cyber security regulations, also providing a few practical takeaways.
Related papers
- From Cyber Security Incident Management to Cyber Security Crisis Management in the European Union [0.19116784879310028]
Recently, the European Union (EU) has started to consider also the relation between cyber security incidents and cyber security crises.
The paper advances the domain of cyber security incident management research by elaborating how European law perceives cyber security crises and their relation to cyber security incidents.
arXiv Detail & Related papers (2025-04-19T08:03:29Z)
- A Mapping Analysis of Requirements Between the CRA and the GDPR [0.19116784879310028]
The Cyber Resilience Act (CRA) was recently agreed upon by the European Union (EU).
This paper contributes to requirements engineering research specialized in legal requirements, demonstrating how new laws may affect existing requirements.
arXiv Detail & Related papers (2025-03-03T18:42:12Z)
- Open Problems in Machine Unlearning for AI Safety [61.43515658834902]
Machine unlearning -- the ability to selectively forget or suppress specific types of knowledge -- has shown promise for privacy and data removal tasks.
In this paper, we identify key limitations that prevent unlearning from serving as a comprehensive solution for AI safety.
arXiv Detail & Related papers (2025-01-09T03:59:10Z)
- Position: A taxonomy for reporting and describing AI security incidents [57.98317583163334]
We argue that specific are required to describe and report security incidents of AI systems.
Existing frameworks for either non-AI security or generic AI safety incident reporting are insufficient to capture the specific properties of AI security.
arXiv Detail & Related papers (2024-12-19T13:50:26Z)
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC).
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms).
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
- Coordinated Flaw Disclosure for AI: Beyond Security Vulnerabilities [1.3225694028747144]
We propose a Coordinated Flaw Disclosure (CFD) framework tailored to the complexities of machine learning (ML) issues.
Our framework introduces innovations such as extended model cards, dynamic scope expansion, an independent adjudication panel, and an automated verification process.
We argue that CFD could significantly enhance public trust in AI systems.
arXiv Detail & Related papers (2024-02-10T20:39:04Z)
- Service Level Agreements and Security SLA: A Comprehensive Survey [51.000851088730684]
This survey paper identifies the state of the art covering concepts, approaches, and open problems of SLA management.
It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic.
It proposes a novel classification criterion to organize the analysis based on SLA life cycle phases.
arXiv Detail & Related papers (2024-01-31T12:33:41Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- The risks of risk-based AI regulation: taking liability seriously [46.90451304069951]
The development and regulation of AI seem to have reached a critical stage.
Some experts are calling for a moratorium on the training of AI systems more powerful than GPT-4.
This paper analyses the most advanced legal proposal, the European Union's AI Act.
arXiv Detail & Related papers (2023-11-03T12:51:37Z)
- Building a Resilient Cybersecurity Posture: A Framework for Leveraging Prevent, Detect and Respond Functions and Law Enforcement Collaboration [0.0]
This research paper compares and contrasts the CyRLEC Framework with the NIST Cybersecurity Framework.
The CyRLEC Framework takes a broader view of cybersecurity, including proactive prevention, early detection, rapid response to cyber-attacks, and close collaboration with law enforcement agencies.
arXiv Detail & Related papers (2023-03-20T05:16:54Z)
- The Opportunity to Regulate Cybersecurity in the EU (and the World): Recommendations for the Cybersecurity Resilience Act [1.2691047660244335]
Safety is becoming cybersecurity under most circumstances.
This should be reflected in the Cybersecurity Resilience Act when it is proposed and agreed upon in the European Union.
It is based on what the cybersecurity research community has long asked for, and on what constitutes clear hard legal rules instead of soft ones.
arXiv Detail & Related papers (2022-05-26T07:20:44Z)
- Proceedings of the Artificial Intelligence for Cyber Security (AICS) Workshop at AAAI 2022 [55.573187938617636]
The workshop will focus on the application of AI to problems in cyber security.
Cyber systems generate large volumes of data; utilizing this effectively is beyond human capabilities.
arXiv Detail & Related papers (2022-02-28T18:27:41Z)