Standards and the presumption of conformity
Access to the law includes access to the harmonized standards it predicates. But is it right that those standards can include royalty-due patents (SEPs)?
Improving Open Source security with the new GitHub Secure Open Source Fund
Launched with a $1.25 million commitment from partners, the GitHub Secure Open Source Fund is designed to address a critical issue: the often-overlooked necessity of security for widely-used Open Source projects.
CRA standards request draft published
The European Commission recently published a public draft of the standards request associated with the Cyber Resilience Act (CRA). For those who depend on incorporating or creating Open Source software, there is an encouraging new development found here. For the first time in a European standards request, there is an express requirement to respect the needs of Open Source developers and users.
Openly Shared: CRA’s Open goes beyond the OSD
The definition of “open source” in the most recent version (article 2(48)) of the Cyber Resilience Act (CRA) goes beyond the Open Source Definition (OSD) managed by OSI.
The European regulators listened to the Open Source communities!
Open Source communities defended developers and foundations against risks posed by the CRA to Open Source development, and their voices were heard. Workshops being offered at FOSDEM offer a chance for others to participate moving forward.
Diverse Open Source uses highlight need for precision in Cyber Resilience Act
The final legislative phase of the Cyber Resilience Act (CRA) is starting and the drafts still have issues arising from framing by the Commission or Parliament. Read OSI’s recommendations to frame the trialogue.
OSI calls for revision of disclosure rules in CRA
OSI is a co-signatory of an open letter sent this week to the European Parliament by European Digital Rights (EDRi) expressing concern that the Cyber Resilience Act (CRA) draft currently under consideration still includes mandatory requirements for vulnerability disclosure that violate best practices in Open Source software collaborations and are likely to actually undermine the security of digital products and the individuals who use them.
Another issue with the Cyber Resilience Act: European standards bodies are inaccessible to Open Source projects
Europe’s standards bodies have no functional relationships with Open Source charities and do not consult them.
The Cyber Resilience Act introduces uncertainty and risk leaving Open Source projects confused
What might happen if the uncertainty persists around who is held responsible under the Cyber Resilience Act (CRA)? The global Open Source community is averse to legal risks and generally lacks access to counsel, so it’s very possible offers of source code will simply be withdrawn rather than seeking to resolve the uncertainty.
The vital role of Open Source maintainers facing the Cyber Resilience Act
This year’s Maintainer Month feels different given what’s happening with the European Cyber Resilience Act. Their role is under more pressure than usual and yet, it’s often misunderstood. Open Source…
The ultimate list of reactions to the Cyber Resilience Act
The European Commission’s proposed Cyber Resilience Act (CRA) as drafted may harm Open Source, and perhaps all other non-industrial software. A list of most relevant responses.