The UK’s financial regulators have scrapped plans to mandate that “critical third party” (CTP) organizations disclose new software vulnerabilities to them. The decision was taken in response to feedback on a new set of policies, which are designed to enhance the operational resilience of the UK’s financial system and related CTPs.
Source: Infosecurity Magazine – Information Security & IT Security