DefectDojo, a recognized leader in scalable security and unified vulnerability management, has unveiled a major enhancement to its DefectDojo Pro platform: automated enrichment using Known Exploited Vulnerabilities (KEV) data. This update comes as part of the company’s proactive approach to helping businesses prepare for the European Union’s Cyber Resilience Act (CRA), set to be fully enforced by 2027.
Organizations operating within or connected to the EU are facing new, stringent compliance obligations under the CRA. DefectDojo’s latest innovation aims to help companies meet these expectations efficiently by enriching vulnerability data, enabling faster identification and resolution of high-risk security issues. These capabilities not only aid in compliance but also boost the overall effectiveness of AppSec programs, regardless of an organization’s location.
Cyber Technology Insights : Illumio Insights GA Delivers Industry’s First Solution to Contain Lateral Movement Across Hybrid, Multi-Cloud
Anticipating Compliance Needs Early
Recognizing the urgency surrounding CRA compliance, DefectDojo prioritized the development of these features to ensure customers are fully prepared when enforcement begins. Much like the General Data Protection Regulation (GDPR), the CRA introduces strict penalties for non-compliance. Severe violations may result in fines of up to €15 million or 2.5% of global annual revenue—whichever is higher. Additionally, businesses risk further repercussions such as product recalls, bans from the EU market, and the cascading financial losses associated with data breaches, which currently average nearly $5 million USD per incident.
“Europe’s new regulations are both extensive and rigorous. Businesses that aren’t prepared will face significant consequences,” said Greg Anderson, CEO and founder of DefectDojo. “By building out these capabilities now, we’re giving our customers a head start on aligning with CRA requirements—minimizing future risk.”
Automation as a Competitive Advantage
During this transitional period, EU regulators are urging companies to align internal security policies with CRA standards, prepare for audits, maintain thorough documentation, and implement modern vulnerability management practices. Dojo Pro is positioned as a powerful central platform for security operations, enabling organizations to effectively triage and act on vulnerabilities uncovered by both Application Security (AppSec) and Security Operations Center (SOC) teams.
Cyber Technology Insights : Backslash Security to Unveil Comprehensive Vibe Coding Security Platform at Black Hat USA 2025
Given that an average enterprise may encounter over 500,000 security findings within a single quarter—while only 2-5% typically demand urgent attention—automation is no longer optional. DefectDojo’s KEV enrichment adds vital context to each finding’s true severity, significantly improving prioritization. This is enhanced by the platform’s robust Rules Engine, which allows users to define custom logic for automatically editing, escalating, de-escalating, or applying remediation advice to findings—dramatically reducing manual workloads.
Next-Generation Prioritization
One of the standout elements of this update is Dojo Pro’s new advanced prioritization framework. This feature evaluates findings more intelligently, ensuring that teams focus their efforts on the vulnerabilities that pose the highest risks. By filtering out lower-priority issues, security teams can reclaim valuable time and resources.
DefectDojo’s continued innovation reflects its commitment to simplifying and strengthening cybersecurity operations across sectors. As the regulatory landscape evolves, tools like Dojo Pro will be essential for organizations that need to stay compliant without sacrificing agility or security maturity.
Cyber Technology Insights : Noma Security Raises $100 Million to Drive Adoption of AI Agent Security
To participate in our interviews, please write to our CyberTech Media Room at sudipto@intentamplify.com
Source: businesswire
