10 Dec 2018

DIGITALEUROPE’s position paper on software security updates

Executive summary

As the voice of the digital technology industry in Europe, DIGITALEUROPE represents many companies that drive the development of connected technologies, including the Internet of Things (IoT). Security of connected technologies is key to gaining and maintaining consumer trust. We believe that increased connectivity requires continuous innovation and investment in technologies and processes designed to enhance security.

DIGITALEUROPE members continuously invest in enhancing security, including the development of sophisticated software vulnerability management systems, software security update protocols and other measures to mitigate the exploitability and/or impact of vulnerabilities.

DIGITALEUROPE encourages EU policymakers to take a coherent and systematic approachto ensure that different initiatives – ranging from consumer protection rules, the EU cybersecurity certification framework and environment policy to rules and guidance on other policy areas – do not contradict each other:

  • We caution against a rigid ruleset. Overly prescriptive, heavy-handed rules such as fixed or excessive length or frequency requirements for software security updates, ignoring the dynamic nature and complexity of an ever more connected world, might adversely affect emerging technologies and stifle market-driven security innovation.
  • No simplistic, one-size-fits-all solution. The ICT security landscape is in constant flux and software security updates cannot resolve all security threats. Moreover, risks stemming from software vulnerabilities cannot be addressed by a given vendor alone – all parties, including intermediaries and users, have a role to play.

  • Table of content
    1. Software security update policy
    2. Coordinated vulnerability disclosure
    3. Acting upon known vulnerabilities
    4. Software security update frequency
    5. Joint efforts and responsibility
Download the full document
For more information, please contact:
Alberto Di Felice
Director for Infrastructure, Privacy & Security Policy
Martin Bell
Manager for Privacy & Cybersecurity Policy
Back to Cybersecurity
View the complete Policy Paper
Our resources on Cybersecurity
Publication & Brochure 08 Sep 2021
Setting the standard: How to secure the Internet of Things
Policy Paper 12 Apr 2021
Critical entities: ensuring coherence of non-cyber and cyber resilience
Policy Paper 19 Mar 2021
DIGITALEUROPE's position on the NIS 2 Directive
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.