EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cybersecurity

“The proposed law will penalize open source developers who receive any amount of monetary compensation for their work,” writes the EFF. “Any open source developer soliciting donations or charging for support services for their software is not exempted and thus liable for damages if their product inadvertently contains a vulnerability which is then incorporated into a product, even if they themselves did not produce that product.” “Smaller organizations which produce open source code to the public benefit may have their entire operation legally challenged simply for lacking funds to cover their risks. This will push developers and organizations to abandon these projects altogether, damaging open source as a whole.” “It will also require manufacturers to report actively exploited, unpatched vulnerabilities to regulators.” “This requirement risks exposing the knowledge and exploitation of those vulnerabilities to a larger audience, furthering the harms this legislation is intended to mitigate.” “We call on the European Commission to take the concerns of the open source community and security professionals seriously and amend the proposal to address these serious concerns,” states the blog post.

Blog Post
