New CRA Act target open-source

Share post:

According to open-source leaders, the European Union’s planned Cyber Resilience Act (CRA), which aims to “bolster cybersecurity rules to ensure more secure hardware and software products,” could have serious consequences for open-source software.

The proposed Act is said to introduce CE marking for software products with four specific goals. Which manufacturers must improve digitally enhanced product security “across the entire life cycle?” The second goal is to create a “coherent cybersecurity framework” for determining compliance. The third goal is to improve product transparency when it comes to digital security, and the fourth goal is to allow customers to “securely use products containing digital elements.”

The issue raised by open-source leaders appears to be concerning free software developers who are unable to afford the new direct compliance costs for new cybersecurity requirements, conformity assessment, documentation, and reporting obligations. The additional costs are estimated to be EUR 29 billion ($31.54 billion). This would also result in higher consumer prices.

The CRA also intends to prohibit the sale of unfinished software for purposes other than testing. This has serious consequences for open-source software. The absence of unfinished software on the market can harm open-source software by reducing the number of potential contributors and users.

Others cannot use, modify, or improve on software that is not available. This can result in a lack of interest and engagement in the open-source community, slowing or even halting development. Furthermore, without access to the software, users may be unaware of its potential benefits, further limiting interest and engagement. Overall, the lack of completed software can limit the growth and impact of the open-source software community.

The sources for this piece include an article in Devclass.



Related articles

Microsoft announces enhanced security feature for OneNote

Microsoft has released further information on the increased security measures it is deploying for OneNote in order to...

Russian hacker group steals Emails of NATO officials and diplomats

Since February 2023, a Russian hacking gang known as TA473 or 'Winter Vivern' has targeted unpatched Zimbra endpoints...

Canadian cybersecurity accelerator counts its accomplishments

A Canadian university-associated business accelerator for helping early-stage cybersecurity companies says its first two years of operation have been more than satisfactory. The Rogers Cybersecure Catalyst Accelerator has had “an incredible impact” on Canadian cybersecurity entrepreneurs and founders, executive director Charles Finlay said this week in the first report on the program’s progress. Despite having

Crackdown on ransomware gangs yet to show an impact: OpenText

In its annual cybersecurity report OpenText also looked at malware, phishing and infec

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways