DefectDojo Simplifies EU Cyber Resilience Act Compliance with New KEV Enrichment

Platform perfectly positioned to meet CRA requirements ahead of full enforcement

AUSTIN, Texas--(BUSINESS WIRE)--DefectDojo, the leader in scalable security, unified vulnerability management and DevSecOps, today announced new automated Known Exploited Vulnerabilities (KEV) data enrichment features for DefectDojo Pro. Ahead of the European Union’s full enforcement of the Cyber Resilience Act (CRA) in 2027, organizations with any EU operations need to ensure their application security (AppSec) program meets the act’s stringent new compliance requirements or risk significant consequences. In addition to checking a major compliance box, the new data enrichment capabilities will help any organization, regardless of location, more efficiently surface truly critical findings and immediately begin addressing them.

As with the GDPR, the EU’s CRA includes strict penalties for failure to comply. Serious non-compliance violations, for example, can cost an organization €15 million or 2.5% of global annual turnover, whichever is greater. This does not include any further monetary damage caused by a breach, which now costs nearly $5 million USD on average. Authorities can also order product recalls and withdrawals from the EU market as well as prohibit further sales of a non-compliant product, resulting in further lost revenue.

“The EU’s new regulations are wide-reaching and thorough, and the penalties will increase the growing financial burden of a data breach to businesses. DefectDojo prioritized developing these new features ahead of full enforcement to ensure that organizations are ready for compliance from day one,” said Greg Anderson, CEO and founder, DefectDojo. “By preparing our customers for this change now, we’re helping them avoid the consequences later.”

In this transitory period, the EU has encouraged organizations to align their internal processes for full compliance, prepare for regular audits and documentation checks and adopt vulnerability management best practices. As a centralized command center for security, Dojo Pro serves as a force-multiplier for businesses to automatically triage and prioritize both AppSec and Security Operations Center (SOC) findings and necessary remediations.

On average, companies deal with over 500,000 findings in a three-month period, but just 2-5% require immediate action, necessitating some form of automation to deduplicate findings and provide accurate prioritization lists. KEV data enrichment provides additional context to a finding’s actual risk severity in conjunction with the platform’s Rules Engine, which enables teams to customize rules to automatically manipulate, edit, enhance, add custom remediation advice, escalate, or de-escalate specific findings, all without significant human effort. Dojo Pro’s newly launched next-generation prioritization evaluation further classifies findings to reduce the time spent on low-risk findings.

Dojo Pro’s KEV data enrichment features will be showcased at Black Hat USA 2025 on August 6-7 at the DefectDojo booth (#6617) in the Business Hall’s Startup City section. CTO Matt Tesauro will also demo DefectDojo’s open-source OWASP Edition as part of Black Hat Arsenal, with his session scheduled for Thursday, August 7 at 2:00 PM.

Built by and for cybersecurity professionals, Dojo Pro is designed to make scalable security a reality for organizations of any size and centralize vulnerability data into one easy-to-use platform. DefectDojo’s customer base includes Fortune 10 companies, international banks, government agencies and solo consultants alike, and the OWASP Edition of the platform has been downloaded over 43 million times. To learn more about DefectDojo and get started with either the OWASP Edition or Dojo Pro, contact hello@defectdojo.com.

About DefectDojo

DefectDojo is the engine that drives DevSecOps, providing an open, scalable platform that connects security strategy to execution. By aggregating data from any security tool, automating manual processes, and delivering AI-powered insights, DefectDojo empowers organizations to have a unified view of security posture, automate operations to increase productivity and improve decision-making. For more information, visit defectdojo.com or follow us on LinkedIn or GitHub.
