Jean-Baptiste MailletMay 22, 2025
Did you know?
CIRCL's vulnerability-lookup is mentioned in the LF/OpenSSF CRA training. (screencap, top left)
https://vulnerability.circl.lu/
https://training.linuxfoundation.org/express-learning/understanding-the-eu-cyber-resilience-act-cra-lfel1001/
@adulau
#circl #vulnerability-lookup #cra
Vulnerability-Lookup

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

Show threadJean-Baptiste MailletMay 22, 2025
...as well as the EUVD.
@adulau
Show threadJean-Baptiste Maillet
...but this collides with the EUVD FAQ itself, which refer to the EUVD as related to the NIS2 directive, not the CRA.
Any EU regulation scholar around here?
 
@adulau
May 22, 2025 at 12:38pmWeb
Show threadAlexandre DulaunoyMay 22, 2025
@jbm In my opinion, the CRA is more of an exception compared to the standard CVD process. It typically only addresses known exploited vulnerabilities, which usually end up being handled through a standard CVD process under NIS 2.