
EU lawmakers finalize cyber security rules that panicked open source devs
2023-12-04 06:01

Infosec in brief: The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act, setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source software.

The CRA was proposed by the European Commission in September 2022 and imposes mandatory cyber security requirements for all hardware and software products - from baby monitors to routers, as the EU Commission put it.

Included in the rule are a 24-hour disclosure period for any newly discovered security flaw under active exploitation, five years of security patch support, thorough documentation of all security features, and more.

While better security is all well and good, concerns have been raised over the potential effect the CRA could have on open source software, which is often maintained by only a few people despite how important it can be to larger products.

"Only together will we be able to tackle successfully the cyber security emergency that awaits us in the coming years."

According to a letter sent to affected individuals, names, dates of birth and social security numbers may have been exposed - but Zeroed-In isn't entirely sure.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/04/infosec_in_brief/