EU’s Cyber Resilience Act contains a poison pill for open source developers

The Register

We can all agree that securing our software is a good thing. Thanks to one security fiasco after another – the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong – we know we must secure our code. But the European Union’s proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security.

Open Source: Separating Fact from Fiction


Open source software is ubiquitous and makes up much of the software infrastructure that underlies the systems our society relies on, from mobile phones to Internet technologies to automotive and national security systems. But as open source software has taken the spotlight—particularly efforts to ensure the security and sustainability of the ecosystem—it’s important to separate fact from fiction when thinking about open source and how best to support and use it.