On the 16th of February 2023, the European Union Agency for Cybersecurity (ENISA) released a report that explores how to develop harmonised national vulnerability programmes and initiatives in the EU.
The report looks into the expectations of both industry and the Member States in relation to the NIS2’s objective. It also analyses the related legal, collaborative, technical challenges arising from such initiatives. Apart from insights on industry expectations, the findings feed into the guidelines ENISA and the NIS Cooperation Group intend to prepare to help EU Member States establish their national Coordinated Vulnerability Disclosure (CVD) policies. These guidelines would be focused on vulnerability management, dedicated processes and related responsibilities. With this research, ENISA seeks to find out how a harmonised approach across the EU can be achieved. The different options envisaged to do so will be discussed within the task force driving the project and consisting of ENISA together with the NIS cooperation group.
Find the report here.