April 20-23 | Renaissance Arlington Capital View

Vulnerability Handling in Common Criteria (U30a)

20 Sep 2024
09:00

Recent developments in the global cybersecurity landscape, such as society’s increasing reliance on interconnected systems, the adoption of connected devices in critical infrastructure, and geopolitical events emphasizing the importance of digital sovereignty, have heightened security concerns across public and private sectors. Governments worldwide have responded to these trends by enacting regulatory measures that impose new security certification requirements at the product level. However, challenges persist in achieving certification scalability across product portfolios and industries. Bridging this gap will necessitate closer alignment of certification schemes with developers’ business objectives to realize the intended impact of security certification envisioned by regulatory actions. Both sides understand the issues driving this misalignment, presenting an opportune moment to explore methods that can facilitate achieving certification scalability aligned with the original cybersecurity regulatory vision.