Centralized Vulnerability Disclosure Platform

Centralized platform for reporting, managing, and coordinating vulnerabilities across your organization, ensuring secure and efficient handling with streamlined processes and enhanced collaboration.
Vulnerability reporting and management
CVE assignment and tracking
Disclosure policy creation tools
Designated national CSIRTs coordination

Our Journey Toward Stronger Cybersecurity

1

We enhance secure vulnerability management

Offering tools for efficient vulnerability reporting and management across your organization.
2

Promoting transparency and cybersecurity best practices

Helping organizations create and publish effective vulnerability disclosure policies.
3

Supporting collaboration among cybersecurity stakeholders

Enabling seamless coordination between organizations, researchers, and CSIRTs for improved security outcomes.
4

Offering accessible solutions for everyone

All Disclosure Alert platform features are completely free, ensuring full availability to all entities.

Coordinated Vulnerability Disclosure (CVD) has become an essential component of modern cybersecurity practices, especially for entities operating in sectors critical to the security and well-being of society. The NIS 2 Directive (Directive (EU) 2022/2555) underscores the importance of managing vulnerabilities in ICT products and services, urging entities to establish effective procedures for identifying, disclosing, and remedying vulnerabilities. This coordinated approach helps to mitigate the risks posed by cybersecurity threats and ensures that vulnerabilities are addressed swiftly and securely, minimizing the risk of exploitation by malicious actors. According to Article 26 of the directive, vulnerability management and disclosure are key components of a robust cybersecurity framework aimed at enhancing the security of network and information systems across the European Union.

Vulnerability Management Framework

Critical for mitigating cybersecurity threats and ensuring swift, secure handling of vulnerabilities under the NIS 2 Directive.

Secure Vulnerability Management

Entities must implement processes to identify, disclose, and mitigate vulnerabilities, ensuring protection against exploitation and threats.

NIS 2 Compliance

Effective and coordinated vulnerability disclosure is required under Article 26 to strengthen network and information systems across the EU.

Coordinated Vulnerability Disclosure

Implementing secure vulnerability management and national policies for NIS 2 Directive compliance while protecting researchers.

Vulnerability-Handling Procedures

Essential and important entities under NIS 2 must establish and implement robust procedures for internal vulnerability identification, mitigation, and collaboration with external parties.

National Policy Support

Member States, with ENISA’s support, must implement national policies on coordinated vulnerability disclosure to ensure secure reporting and protect researchers.

Entities subject to the NIS 2 Directive, particularly essential and important entities, have a clear obligation to establish vulnerability-handling procedures that not only allow for internal identification and mitigation but also foster collaboration with external parties, such as researchers or third-party security professionals. ENISA, the European Union Agency for Cybersecurity, recommends coordinated vulnerability disclosure as a best practice for improving the overall resilience of ICT systems and services. The directive mandates that Member States, in cooperation with ENISA, support the establishment of a national policy on coordinated vulnerability disclosure, as per Article 29, to encourage secure and responsible reporting of vulnerabilities, while protecting researchers from legal repercussions when acting in good faith.

Frequently Asked Questions

features, benefits, and functionality of the Disclosure Alert platform, guiding you on how to make the most of our services.
How do I create a vulnerability disclosure policy on the platform?
We offer an intuitive online tool that guides you step-by-step through the process of creating a customized disclosure policy tailored to your organization’s needs.
Our platform is completely free of charge. All features, including vulnerability reporting, policy creation, and coordination tools, are available to all entities without any cost.
Yes, as a CVE Numbering Authority (CNA), we provide CVE identifier assignment and publication for reported vulnerabilities within our scope, helping you catalog and manage security issues efficiently. Please read our CVE Assignment statement.
Our platform offers an updated list of designated national CSIRTs and facilitates seamless communication and coordination between organizations, researchers, and CSIRTs to ensure timely incident responses.

No, you don’t need to be an Edgewatch customer to use the Disclosure Alert platform. It’s accessible to all entities at no cost. However, if you’re already an Edgewatch customer, you can simply enable the vulnerability disclosure features through the integrations panel and have the entire disclosure process tracked directly within Edgewatch.

Have Questions?

Feel Free to Contact Us!

Our team is here to assist you with any inquiries about our platform, features, or services—reach out anytime for support.