EU’s Cyber Resilience Act contains a poison pill for open source developers

The Register

We can all agree that securing our software is a good thing. Thanks to one security fiasco after another – the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong – we know we must secure our code. But the European Union’s proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security.