NOTAS: | "Based on the experiences and perspectives gathered from industry players and national governments, as well as on the documentation developed by multiple actors involved with national vulnerability initiatives and programmes, the EU Coordinated Vulnerability Disclosure (CVD) ecosystem remains fragmented. Although interesting approaches and initiatives are taking place in some EU Member States, yet further steps can be done towards an integrated EU vision and action. This report shows that, despite recent efforts by national governments in developing CVD policies, some industry players have taken the lead and developed vulnerability policies and programmes at organisation level. Nevertheless, among the top industry expectations is that the development of a national or European level CVD policy could help organisations and public administrations to set vulnerability management as a priority and further encourage security practices. In addition, the alignment of such policies with existing international standards, can greatly help in promoting harmonization." |