shifting the security burden onto software developers
See the following -
Understanding the Cyber Resilience Act: What Everyone involved in Open Source Development Should Know
The European Union is making big changes to cybersecurity requirements with its proposed Cyber Resilience Act (CRA). You may have heard about the CRA’s potential impact on the open source ecosystem. But what does the Cyber Resilience Act mean for you? This post is an introduction to the Act and explains how it may affect the open source maintainers and developer community. Note that this post is based on a draft of the CRA from September 15, 2022. The Act is still in a draft stage and getting feedback, and its provisions may differ before it is passed into law. The Cyber Resilience Act was introduced by the European Parliament in September 2022. Its purpose is to establish cybersecurity requirements for devices and software marketed in the EU. Everybody who places digital products in the EU market will be responsible for additional obligations around reporting and compliance, such as fixing discovered vulnerabilities, providing software updates, and auditing and certifying the products.
- Login to post comments