Source: OJ L 333, 27.12.2022, p. 80–152
Recital 58 Vulnerability disclosure
Since the exploitation of vulnerabilities in network and information systems may cause significant disruption and harm, swiftly identifying and remedying such vulnerabilities is an important factor in reducing risk.
Entities that develop or administer network and information systems should therefore establish appropriate procedures to handle vulnerabilities when they are discovered. Since vulnerabilities are often discovered and disclosed by third parties, the manufacturer or provider of ICT products or ICT services should also put in place the necessary procedures to receive vulnerability information from third parties.
In that regard, international standards ISO/IEC 30111 and ISO/IEC 29147 provide guidance on vulnerability handling and vulnerability disclosure. Strengthening the coordination between reporting natural and legal persons and manufacturers or providers of ICT products or ICT services is particularly important for the purpose of facilitating the voluntary framework of vulnerability disclosure.
Coordinated vulnerability disclosure specifies a structured process through which vulnerabilities are reported to the manufacturer or provider of the potentially vulnerable ICT products or ICT services in a manner allowing it to diagnose and remedy the vulnerability before detailed vulnerability information is disclosed to third parties or to the public. Coordinated vulnerability disclosure should also include coordination between the reporting natural or legal person and the manufacturer or provider of the potentially vulnerable ICT products or ICT services as regards the timing of remediation and publication of vulnerabilities.