I want to contribute to a shared understanding of how the CRA will most likely affect developers of open-source software.| The NLnet Labs Blog
Debian Public Statement about the EU Cyber Resilience Act and the Product Liability Directive The European Union is currently preparing a regulation "on horizontal cybersecurity requirements for products with digital elements" known as the...| Debian Project
A bit of an “emergency blog post”. The final compromise text of the EU Cyber Resilience Act is now available, and various open source voices are now opining on it. This is a complex act and other parts of the open source world (like the Eclipse Foundation and NLNet Labs) have been hard at work to advocate with the EU and member states to get a CRA that is good for open source.| Bert Hubert's writings
This is a living document - I’d normally spend a few days polishing everything, but since CRA talks are ongoing right now, there’s simply no time for that. Check back frequently for updates! Also please let me know urgently on bert@hubertnet.nl if you think I’m reading things incorrectly! As a follow-up to my earlier post on the EU Cyber Resilience Act, here I’d like to address some practicalities: how would it actually work.| Bert Hubert's writings
First a round of thanks for the many people in industry and government who provided valuable links, background and insights! I could not have done this without your help! If you spot any mistakes, or have suggestions, please do contact me on bert@hubertnet.nl The EU’s new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online – the Biden administration has just released its National Cybersec...| Bert Hubert's writings
By Maarten Aertsen NLnet Labs is closely following a legislative proposal by the European Commission affecting almost all hardware and software on the European market. The Cyber Resilience Act (CRA) intends to ensure cybersecurity of products with digital elements by laying down requirements and obligations for manufacturers. 🥳update, december 2023:| The NLnet Labs Blog
There are lots of calls to invest in improving cybersecurity. But it struck me that it doesn’t work like that. Not getting hacked is not so much a question of buying the right stuff. It is a question of doing the right things and understanding what you are doing. It is easy to demand that people ‘invest’ in something. You can even supply them with the money to do so.| Bert Hubert's writings