Recital 58 Vulnerability disclosure


Since the exploitation of vulnerabilities in network and information systems may cause significant disruption and harm, swiftly identifying and remedying such vulnerabilities is an important factor in reducing risk. Entities that develop or administer network and information systems should therefore establish appropriate procedures to handle vulnerabilities when they are discovered.
Since vulnerabilities are often discovered and disclosed by third parties, the manufacturer or provider of ICT products or ICT services should also put in place the necessary procedures to receive vulnerability information from third parties. In that regard, international standards ISO/IEC 30111 and ISO/IEC 29147 provide guidance on vulnerability handling and vulnerability disclosure.
Strengthening the coordination between reporting natural and legal persons and manufacturers or providers of ICT products or ICT services is particularly important for the purpose of facilitating the voluntary framework of vulnerability disclosure. Coordinated vulnerability disclosure specifies a structured process through which vulnerabilities are reported to the manufacturer or provider of the potentially vulnerable ICT products or ICT services in a manner allowing it to diagnose and remedy the vulnerability before detailed vulnerability information is disclosed to third parties or to the public.
Coordinated vulnerability disclosure should also include coordination between the reporting natural or legal person and the manufacturer or provider of the potentially vulnerable ICT products or ICT services as regards the timing of remediation and publication of vulnerabilities.

Terms used above, as defined in the Directive:

"vulnerability" means a weakness, susceptibility or flaw of ICT products or ICT services that can be exploited by a cyber threat;
"network and information system" means: (a) an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972; (b) any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; or (c) digital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance;
"risk" means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident;
"entity" means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;
"ICT product" means an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881;
"ICT service" means an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881;
"standard" means a standard as defined in Article 2, point (1), of Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation (OJ L 316, 14.11.2012, p. 12).


Crafted with ❤️ by Springflod