10 Dec 2018

DIGITALEUROPE’s position paper on software security updates

Executive summary

As the voice of the digital technology industry in Europe, DIGITALEUROPE represents many companies that drive the development of connected technologies, including the Internet of Things (IoT). Security of connected technologies is key to gaining and maintaining consumer trust. We believe that increased connectivity requires continuous innovation and investment in technologies and processes designed to enhance security.

DIGITALEUROPE members continuously invest in enhancing security, including the development of sophisticated software vulnerability management systems, software security update protocols and other measures to mitigate the exploitability and/or impact of vulnerabilities.

DIGITALEUROPE encourages EU policymakers to take a coherent and systematic approachto ensure that different initiatives – ranging from consumer protection rules, the EU cybersecurity certification framework and environment policy to rules and guidance on other policy areas – do not contradict each other:

  • We caution against a rigid ruleset. Overly prescriptive, heavy-handed rules such as fixed or excessive length or frequency requirements for software security updates, ignoring the dynamic nature and complexity of an ever more connected world, might adversely affect emerging technologies and stifle market-driven security innovation.
  • No simplistic, one-size-fits-all solution. The ICT security landscape is in constant flux and software security updates cannot resolve all security threats. Moreover, risks stemming from software vulnerabilities cannot be addressed by a given vendor alone – all parties, including intermediaries and users, have a role to play.

  • Table of content
    1. Software security update policy
    2. Coordinated vulnerability disclosure
    3. Acting upon known vulnerabilities
    4. Software security update frequency
    5. Joint efforts and responsibility
Download the full document
FULL POSITION PAPER
For more information, please contact:
Alberto Di Felice
Senior Policy Manager for Infrastructure, Privacy and Security
Martin Bell
Policy Officer for Privacy and Cybersecurity
Back to Cybersecurity
View the complete Policy Paper
PDF
Our resources on Cybersecurity
Policy Paper 31 Jan 2019
DIGITALEUROPE position on the proposal for a European Cybersecurity Competence Network and Centre
Press Release 20 Dec 2018
DIGITALEUROPE welcomes Cybersecurity Act and looks forward to future work
Policy Paper 30 Oct 2018
Joint industry letter to European Banking Authority on SCA and CVV authentication factors
Hit enter to search or ESC to close