The Cyber Resilience Act Threatens Open Source

Society and governments are struggling to adapt to a world full of cybersecurity threats. Case in point: the EU CRA — Cyber Resilience Act — is a proposal by the European Commission to enact legislation with a noble goal: protect consumers from cybercrime by having security baked in during design. Even if you don’t live in the EU, today’s global market ensures that if the European Parliament adopts this legislation, it will affect the products you buy and, possibly, the products you create. In a recent podcast, our own [Jonathan Bennett] and [Doc Searles] interview [Mike Milinkovich] from the Eclipse Foundation about the proposal and what they fear would be almost a death blow to open source software development. You can watch the podcast below.

If you want some background, you can read the EU’s now closed request for comments and the blog post outlining the problems from At the heart of the issue is the need for organizations to self-certify their compliance with the act. Since open source is often maintained by a small loose-knit group of contributors, it is difficult to see how this will work.

Continue reading “The Cyber Resilience Act Threatens Open Source”