10 Dec 2018

DIGITALEUROPE’s position paper on software security updates

Executive summary

As the voice of the digital technology industry in Europe, DIGITALEUROPE represents many companies that drive the development of connected technologies, including the Internet of Things (IoT). Security of connected technologies is key to gaining and maintaining consumer trust. We believe that increased connectivity requires continuous innovation and investment in technologies and processes designed to enhance security.

DIGITALEUROPE members continuously invest in enhancing security, including the development of sophisticated software vulnerability management systems, software security update protocols and other measures to mitigate the exploitability and/or impact of vulnerabilities.

DIGITALEUROPE encourages EU policymakers to take a coherent and systematic approachto ensure that different initiatives – ranging from consumer protection rules, the EU cybersecurity certification framework and environment policy to rules and guidance on other policy areas – do not contradict each other:

  • We caution against a rigid ruleset. Overly prescriptive, heavy-handed rules such as fixed or excessive length or frequency requirements for software security updates, ignoring the dynamic nature and complexity of an ever more connected world, might adversely affect emerging technologies and stifle market-driven security innovation.
  • No simplistic, one-size-fits-all solution. The ICT security landscape is in constant flux and software security updates cannot resolve all security threats. Moreover, risks stemming from software vulnerabilities cannot be addressed by a given vendor alone – all parties, including intermediaries and users, have a role to play.

  • Table of content
    1. Software security update policy
    2. Coordinated vulnerability disclosure
    3. Acting upon known vulnerabilities
    4. Software security update frequency
    5. Joint efforts and responsibility
Download the full document
FULL POSITION PAPER
For more information, please contact:
Alberto Di Felice
Policy and Legal Counsel
Back to Cybersecurity & Digital Resilience
View the complete Policy Paper
PDF
Our resources on Cybersecurity & Digital Resilience
14 Nov 2024 The Download
The Download - Taming the cyber storm whilst empowering European businesses to thrive
05 Sep 2024 Response to Public Consultation
The NIS2 Directive’s transposition: How do Member States make their critical infrastructure cybersecure?
04 Sep 2024 Policy Paper
Developing guidelines for the Cyber Resilience Act
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.
Decline
Accept