Skip to main content

New post! The EU Cyber Resilience Act is now (almost) final, but what does it ACTUALLY mean for open source? It is mostly good news, and there are real opportunities to use the #CRA to our advantage: https://berthub.eu/articles/posts/eu-cra-what-does-it-mean-for-open-source/

EU CRA: What does it mean for open source? - Bert Hubert's writings

The final compromise text of the EU Cyber Resilience Act is now officially available, and various open source voices are currently opining on it.
Bert Hubert's writings
#cra

OndΕ™ej Caletka reshared this.

in reply to bert hubert πŸ‡ΊπŸ‡¦πŸ‡ͺπŸ‡Ί

Mathijs
Mathijs
thanks for that writeup! Do you expect that the CRA in this form might discourage the commercial use of open source software? It seems to me that putting companies on the hook for issues in their foss dependencies may scare them off from using them in the first place.
in reply to Mathijs

bert hubert πŸ‡ΊπŸ‡¦πŸ‡ͺπŸ‡Ί
bert hubert πŸ‡ΊπŸ‡¦πŸ‡ͺπŸ‡Ί
@mvgorcum well - open source is not special in this regard. Commercial libraries are treated just the same, but are far harder to inspect. The dynamics will be interesting!
@Mathijs
⇧