On 2023-07-26 4:24 p.m., John Sullivan wrote:
On Wed, Jul 26, 2023 at 09:21:30AM -0400, Dick Brooks wrote:
Very encouraging language in the EU CRA for SBOM adoption and vulnerability
monitoring/reporting.
Small consolation given what a potential disaster the CRA is for open
source / free software in general (see especially Problem 3):
https://github.blog/2023-07-12-no-cyber-resilience-without-open-source-sustainability/
Ya, John beat me to it.
As drafted, the CRA poses a dire threat to the global open source
ecosystem as we know it. Praising its SBOM requirements is small solace
to the projects and communities which will suffer from its overreach.
Some additional background reading for those who are not adequately
familiar with this topic:
* https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/
* https://www.internetsociety.org/blog/2022/10/the-eus-proposed-cyber-resilience-act-will-damage-the-open-source-ecosystem/
* https://eclipse-foundation.blog/2023/02/23/cyber-resilience-act-good-intentions-and-unintended-consequences/
* https://eclipse-foundation.blog/2023/01/15/european-cyber-resiliency-act-potential-impact-on-the-eclipse-foundation/
--
Mike Milinkovich
Executive Director, Eclipse Foundation AISBL
View/Reply Online (#1719): https://lists.spdx.org/g/spdx/message/1719