Recent discussions in the European Parliament can seriously undermine existing cyber security practices and open source development by setting disproportionate obligations and strict requirements for vendors supplying products in Europe. In a previous blogpost and position paper, we expressed our concerns with the original Cyber Resilience Act proposal by the European Commission, particularly regarding the disclosure of unmitigated vulnerabilities and the open source exemption.

Unfortunately, the changes made in the text by the Industry Committee (ITRE) of the European Parliament fall short of improving and, in some cases, even worsen the CRA requirements regarding open source development. Members of the open source community have been speaking out against this – below we highlight our key concerns:

Open source projects with corporate developers as contributors will be subject to the CRA – The current text (Recitals 10 and 10a) would deem any open source project as commercial, as long as it has committers employed by a commercial entity. Should this happen, the number of maintainers and contributors to open source projects will decrease significantly. Projects might feel compelled to reject developers and their contributions when employed by the companies that use their software. Simultaneously, companies might ban their employees from contributing to open source projects. This will result in a less innovative and less secure software ecosystem.

Open source projects receiving donations will fall under the strict rules of the CRA – Keeping open source projects sustainable is not an easy task, and accepting donations is one way to ensure their financial independence. Nevertheless, ITRE’s version of the CRA, in Recital 10b, could threaten to undermine this.