zlacker

[return to "EU Cyber Resilience Act: What does it mean for open source?"]
1. chacha+Dg[view] [source] 2023-12-30 22:11:32
>>ahuber+(OP)
There is a lot of talk about who this regulation is supposed to cover, but not a lot about what it actually requires if it covers you. The best I could find after a couple of quick searches was that you're supposed to provide information about the security mechanisms used and regular security updates over the lifetime of the product. Is there anything else? This doesn't sound terribly hard to comply with at first glance.
2. transp+ki[view] [source] 2023-12-30 22:23:11
>>chacha+Dg
One example from the BSA (Business Software Alliance) statement on an earlier draft of CRA, https://www.bsa.org/files/policy-filings/11012022eucra.pdf

   The CRA requires manufacturers to ensure vulnerabilities are handled effectively for the expected product lifetime or 5 years, whichever is shorter.