Source: OJ L 333, 27.12.2022, p. 80–152
Recital 58 Vulnerability disclosure
Since the exploitation of vulnerabilities in network and information systems may cause significant disruption and harm, swiftly identifying and remedying such vulnerabilities is an important factor in reducing risk.
Entities that develop or administer network and information systems should therefore establish appropriate procedures to handle vulnerabilities when they are discovered. Since vulnerabilities are often discovered and disclosed by third parties, the manufacturer or provider of ICT products or ICT services should also put in place the necessary procedures to receive vulnerability information from third parties.
In that regard, international standards ISO/IEC 30111 and ISO/IEC 29147 provide guidance on vulnerability handling and vulnerability disclosure. Strengthening the coordination between reporting natural and legal persons and manufacturers or providers of ICT products or ICT services is particularly important for the purpose of facilitating the voluntary framework of vulnerability disclosure.
Coordinated vulnerability disclosure specifies a structured process through which vulnerabilities are reported to the manufacturer or provider of the potentially vulnerable ICT products or ICT services in a manner allowing it to diagnose and remedy the vulnerability before detailed vulnerability information is disclosed to third parties or to the public.
Coordinated vulnerability disclosure should also include coordination between the reporting natural or legal person and the manufacturer or provider of the potentially vulnerable ICT products or ICT services as regards the timing of remediation and publication of vulnerabilities.