Under the Cyber Resilience Act, manufacturers must provide a single point of contact for reporting vulnerabilities.
Policy Requirements
Your CVD Policy must clearly state:
- Scope of products covered
- Rules of engagement for security researchers
- Expected response timelines
- Safe harbor provisions