EU Cyber Resilience Act would harm open source software and competitiveness
If the EU Cyber Resilience Act is adopted in its present form, it would seriously harm the open source ecosystem and the competitiveness of the European economy, argues EDRi member Vrijschrift Foundation in a letter to the Dutch Parliament.
Open Letter: Make vulnerability disclosure in the Cyber Resilience Act more secure, not less
The CRA would require organisations to disclose software vulnerabilities to government agencies within 24 hours of exploitation. However, such recently exploited vulnerabilities are unlikely to be mitigated within such a short time, leading to real-time databases of software with unmitigated vulnerabilities in the possession of potentially dozens of government agencies.