Today, all the risks and cost from a cyber attack fall on the consumer. IMO the EU CRA is designed to protect consumers by sharing responsibility for cyber attack liabilities with software producers.
The issue IMO is the open source model fails to properly compensate the talented people behind open source projects.

Dick Brooks (REA)

> On Jul 26, 2023, at 4:24 PM, John Sullivan <[email protected]> wrote:
>
> On Wed, Jul 26, 2023 at 09:21:30AM -0400, Dick Brooks wrote:
>> Very encouraging language in the EU CRA for SBOM adoption and vulnerability
>> monitoring/reporting.
>>
>
> Small consolation given what a potential disaster the CRA is for open
> source / free software in general (see especially Problem 3):
> https://github.blog/2023-07-12-no-cyber-resilience-without-open-source-sustainability/
>
> -john
