We can all agree that securing our software is a good thing. Thanks to one security fiasco after another – the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong – we know we must secure our code. But the European Union’s proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security.
Free software and open source licenses evolved to deal with code in the 1970s and ’80s. Today it must again transform to deal with AI models.