Hi all,
I just browsed the ISOC article linked below and it sounds wrong to me. While
it is correct to note that "certification will not eradicate bugs even when a
manufacturer is fully compliant", trying to exempt FOSS is not the right approach.
What software would you use, a fully certified, professional OS, or a
run-at-your-risk product by hobbyists who are exempted from security
regulations by a compassionate exception to the Cyber Resilience Act?
If the point is certification costs, I'd recommend that certification agencies
be required to work for a percentage of the cover price of the product they're
certifying, which is 0 for most FOSS packages. No exceptions.
Best
Ale
On Tue 25/Oct/2022 10:53:39 +0200 Johan Helsingius wrote:
Hi Maarten,
Thank you for the heads-up - it is definitely a proposal that
needs to be followed.
Julf
On 24-10-2022 14:58, Maarten Aertsen wrote:
Dear cooperation working group,
I'd like to call your attention to my talk on the draft agenda of the
open source wg this Wednesday, because I believe it may be of interest to
members of this group:
On 10/10/2022 18:47, Marcos Sanz wrote:
Agenda RIPE 85 Open Source WG Session
Wednesday, October 26, 10:30 - 11:30 (CEST)
[..]
B. "Cyber Resilience Act effects on OSS", Maarten Aertsen, NLnet
Labs
NLnet Labs is closely following a legislative proposal by the European
Commission affecting almost all hardware and software on the
European market. The Cyber Resilience Act intends to ensure cybersecurity of
products with digital elements by laying down requirements and obligations
for economic operators.
In this short talk you'll learn what to expect in the Cyber Resilience Act
and why this proposal may matter to you as a developer
or user of open source software. If so, let's make sure that policy
makers take into account its effects on open source development by
professional organisations and volunteers alike.
Do get in touch with Maarten when you have similar concerns, want to team up
or can help us to provide technical expertise in the right places.
If you would like to read a little more on the topic, Olaf Kolkman has just
published a blog post on the same topic at the Internet Society blog [1].
I'm new to this community: don't be shy and talk to me :-)
kind regards, Maarten
[1] https://www.internetsociety.org/blog/2022/10/the-eus-proposed-cyber-resilience-act-will-damage-the-open-source-ecosystem/