EU's Proposed CE Mark for Software Could Have Dire Impact on Open Source - Slashdot
The EU's proposed Cyber Resilience Act (CRA), which aims to "bolster cybersecurity rules to ensure more secure hardware and software products," could have severe unintended consequences for open source software, according to leaders in the open source community.
What is the EU's Cyber Resilience Act (CRA)?
The EU's proposed Cyber Resilience Act (CRA) aims to enhance cybersecurity rules to ensure more secure hardware and software products. It has four main objectives: to require manufacturers to improve the security of products with digital elements throughout their life cycle, to provide a coherent cybersecurity framework for compliance measurement, to enhance transparency of digital security in products, and to enable customers to use products with digital elements securely.
How might the CRA affect open source software?
The CRA could have significant unintended consequences for open source software. Leaders in the open source community express concern that the compliance costs associated with the new cybersecurity requirements may be prohibitive for free software developers, who often lack funding. This could fundamentally alter the open source ecosystem, which traditionally operates under a model of free software provided for any purpose without warranty or liability.
What are the estimated costs of compliance with the CRA?
The draft legislation estimates that the total cost of compliance, including the burden on businesses and public authorities, could reach EUR 29 billion (approximately $31.54 billion). However, the legislators anticipate a potential reduction in costs from security incidents, estimated at between EUR 180 and 290 billion annually. This raises concerns about how smaller organizations, particularly those in the open source community, will manage these compliance costs.

published by Hixardt Technologies, Inc.