Can open source be saved from the EU's Cyber Resilience Act?

2023-10-13 14:45

Opinion When I was in Bilbao recently for the Open Source Summit Europe event, the main topic of conversation was the European Union's Cyber Resilience Act.

Why? Because pretty much everyone with an open source clue sees it as strangling open source software development.

As I've mentioned before, the open source community knew the CRA was bad news with a capital B. The hope was that the European Council could be persuaded to modify the CRA so that it wouldn't be so onerous for open source developers.

As Arpit Joshipura, the Linux Foundation's senior VP of networking, said at the event, "There's too much drama. We must look at the end goal. The end goal for all of us is the same. We want to secure software, and we want to secure open source software."

I might add, they'd love it if EU officials had a clue about how open source really works.

A host of open source and security organizations protested [PDF], saying: "Such recently exploited vulnerabilities are unlikely to be mitigated within such a short time, leading to real time databases of software with unmitigated vulnerabilities in the possession of potentially dozens of government agencies."

News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/13/can_open_source_be_saved/

#EU #opensource