Internationaal

Now’s the Time to Fix the Cyber Resilience Act

Door

17 oktober 2023

Dit bericht verscheen eerder bij FOSSlife

In its current form, the European Union’s Cyber Resilience Act (CRA) would impose a major burden on open source contributors, developers, and non-profit foundations, says Linux Foundation Europe.

Ends vs. Means

“The policy goals of the CRA — reducing vulnerabilities in digital products, ensuring cybersecurity is maintained throughout a product’s life cycle, and enabling users to make informed decisions when selecting and operating them — are widely supported, including by LF Europe,” the organization says. However, “major concerns remain about how the CRA aims to achieve these goals, especially in the context of the open source ecosystem.”

In a previous article, we noted some of these concerns, as described by organizations including the Python Software Foundation (PSF), which found “issues that put the mission of our organization and the health of the open source software community at risk,” according to Deb Nicholson, Executive Director of the PSF.

“The CRA could bring support to open source developers maintaining the critical foundations of our digital society. But instead of introducing incentives for integrators or financial support via the CRA, the current proposal will overload small developers with compliance work,” says NLnet Labs.

As Steven J. Vaughan-Nichols puts it, “pretty much everyone with an open source clue sees it as strangling open source software development.” One problem, he says, “is that everyone who publishes software via the Internet is potentially liable for CRA penalties. Don’t live in the EU? Too bad. That doesn’t count.”

Moving Forward

The act is moving through the legislative process and “will soon enter the EU trilogue phase, which is the last step before the EU parliament will vote on the CRA in the plenary,” explains LF Europe, which is now “calling for the broader community to take immediate action.”

“Whether you are an individual contributor, a corporation contributing to or relying on open source, or a public sector representative, your active participation matters. We encourage you to vocalize your concerns,” the organization says.

Learn more at LF Europe.

See also:

Contact FOSSlife to learn about partnership and sponsorship opportunities.

Dit bericht verscheen eerder bij FOSSlife

Now’s the Time to Fix the Cyber Resilience Act

Ends vs. Means

Moving Forward

Recente posts

Bristol Uni to host one of Europe’s most power supercomputer clusters

Music Streaming Market Growth in Future 2020-2027 | Demand | Share | Revenue, Forecast...

IR35 reforms: HMRC questioned about CEST as tax status of 210,000 contractors left 'undetermined'

Who Gets the L.L.C.? Inside a Silicon Valley Billionaire’s Divorce.

IT leadership and generative AI: Today’s challenges and opportunities

Meest bekeken posts

Public Preview: Azure Dedicated Host – Redeploy

IT Sustainability Think Tank: Calculating IT equipment capacity – the challenging path forward

Updated Retirement Notice: Azure Data Catalog will now be retired on 15 May 2024

Microsoft sees datacentre investments key to AI leadership

Alphabet earnings show drive to boost Google Cloud and AI adoption

POPULAIRE BERICHTEN

BIT-blogs – Security monitoring bij BIT

Booming Segments of AI Conversational Platform Market 2020-2028 with AWS, Google,...

Okta picks up Auth0 for $6.5bn

POPULAIRE CATEGORIE