[cooperation-wg] Cyber Resilience Act effects on OSS on agenda of open source-wg
Alessandro Vesely
vesely at tana.it
Mon Oct 31 11:14:29 CET 2022
Hi all,

I just browsed the ISOC article linked below and it sounds wrong to me. While it is correct to note that "certification will not eradicate bugs even when a manufacturer is fully compliant", trying to exempt FOSS is not the right approach. What software would you use, a fully certified, professional OS, or a run-at-your-risk product by hobbyists who are exempted from security regulations by a compassionate exception to the Cyber Resilience Act?

If the point is certification costs, I'd recommend that certification agencies be required to work for a percentage of the cover price of the product they're certifying, which is 0 for most FOSS packages. No exceptions.

Best
Ale

On Tue 25/Oct/2022 10:53:39 +0200 Johan Helsingius wrote:
> Hi Maarten,
>
> Thank you for the heads-up - it is definitely a proposal that
> needs to be followed.
>
> Julf
>
> On 24-10-2022 14:58, Maarten Aertsen wrote:
>> Dear cooperation working group,
>>
>> I'd like to call your attention to my talk on the draft agenda of the
>> open source wg this Wednesday, because I believe it may be of interest to
>> members of this group:
>>
>> On 10/10/2022 18:47, Marcos Sanz wrote:
>>> Agenda RIPE 85 Open Source WG Session
>>> Wednesday, October 26, 10:30 - 11:30 (CEST)
>>> [..]
>>> B. "Cyber Resilience Act effects on OSS", Maarten Aertsen, NLnet
>>> Labs
>>>
>>> NLnet Labs is closely following a legislative proposal by the European
>>> Commission affecting almost all hardware and software on the
>>> European market. The Cyber Resilience Act intends to ensure cybersecurity of
>>> products with digital elements by laying down requirements and obligation
>>> for economic operators.
>>>
>>> In this short talk you'll learn what to expect in the Cyber Resilience Act
>>> and why this proposal may matter to you as a developer
>>> or user of open source software. If so, let's make sure that policy
>>> makers take into account its effects on open source development by
>>> professional organisations and volunteers alike.
>>>
>>> Do get in touch with Maarten when you have similar concerns, want to team up
>>> or can help us to provide technical expertise in the right places.
>>
>> If you would like to read a little more on the topic, Olaf Kolkman has just
>> published a blog post on the same topic at the Internet Society blog [1].
>>
>> I'm new to this community: don't be shy and talk to me :-)
>>
>> kind regards, Maarten
>>
>> [1]
>> https://www.internetsociety.org/blog/2022/10/the-eus-proposed-cyber-resilience-act-will-damage-the-open-source-ecosystem/