Security News > 2023 > December > EU lawmakers finalize cyber security rules that panicked open source devs
Infosec in brief The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act, setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source software.
The CRA was proposed by the European Commission in September 2022 and imposes mandatory cyber security requirements for all hardware and software products - from baby monitors to routers, as the EU Commission put it.
Included in the rule is a 24-hour disclosure period for any newly-discovered security flaw under active exploitation, five years of security patch support, thorough documentation of all security features, and more.
While better security is all well and good, concerns have been raised over the potential effect the CRA could have on open source software, which is often maintained by few people despite the importance it can often have to larger products.
"Only together will we be able to tackle successfully the cyber security emergency that awaits us in the coming years."
According to a letter sent to affected individuals, names, dates of birth and social security numbers may have been exposed - but Zeroed-In isn't entirely sure.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/04/infosec_in_brief/
Related news
- Osmedeus: Open-source workflow engine for offensive security (source)
- A closer look at the 2023-2030 Australian Cyber Security Strategy (source)
- Am I Isolated: Open-source container security benchmark (source)
- The ROI of Security Investments: How Cybersecurity Leaders Prove It (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Debunking myths about open-source security (source)
- AxoSyslog: Open-source scalable security data processor (source)
- Australia Passes Groundbreaking Cyber Security Law to Boost Resilience (source)
- Hottest cybersecurity open-source tools of the month: November 2024 (source)
- Top 5 Cyber Security Trends for 2025 (source)