10 Dec 2018

DIGITALEUROPE’s position paper on software security updates

Executive summary

As the voice of the digital technology industry in Europe, DIGITALEUROPE represents many companies that drive the development of connected technologies, including the Internet of Things (IoT). Security of connected technologies is key to gaining and maintaining consumer trust. We believe that increased connectivity requires continuous innovation and investment in technologies and processes designed to enhance security.

DIGITALEUROPE members continuously invest in enhancing security, including the development of sophisticated software vulnerability management systems, software security update protocols and other measures to mitigate the exploitability and/or impact of vulnerabilities.

DIGITALEUROPE encourages EU policymakers to take a coherent and systematic approachto ensure that different initiatives – ranging from consumer protection rules, the EU cybersecurity certification framework and environment policy to rules and guidance on other policy areas – do not contradict each other:

  • We caution against a rigid ruleset. Overly prescriptive, heavy-handed rules such as fixed or excessive length or frequency requirements for software security updates, ignoring the dynamic nature and complexity of an ever more connected world, might adversely affect emerging technologies and stifle market-driven security innovation.
  • No simplistic, one-size-fits-all solution. The ICT security landscape is in constant flux and software security updates cannot resolve all security threats. Moreover, risks stemming from software vulnerabilities cannot be addressed by a given vendor alone – all parties, including intermediaries and users, have a role to play.

  • Table of content
    1. Software security update policy
    2. Coordinated vulnerability disclosure
    3. Acting upon known vulnerabilities
    4. Software security update frequency
    5. Joint efforts and responsibility
Download the full document
For more information, please contact:
Alberto Di Felice
Policy and Legal Counsel
Back to Cybersecurity
View the complete Policy Paper
Our resources on Cybersecurity
02 Oct 2023 Position Paper
Driving a resilient and commercially attractive raw material market in Europe: industry recommendations on the CRM Act
25 Sep 2023 Position Paper
Building a strong foundation for the Cyber Resilience Act: key considerations for trilogues
18 Sep 2023 Position Paper
Adapting ENISA’s mandate and collaboration in a changing cyber landscape
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.