zlacker

Thread: EU Cyber Resilience Act: What does it mean for open source?
1. greatg+2b 2023-12-30 21:34:43
>>ahuber+(OP)
This regulation is so shitty. I'm quite sure that it is supported by big actors in the end, because the end goal is to ensure there is a regulatory barrier that will prevent small actors from being able to thrive in the software field.

Also, to prevent "dangerous" not-yet-professional amateurs from having a chance against the big editors.

2. Larisc+4j 2023-12-30 22:28:16
>>greatg+2b
Unless you sell critical products as described in Annex III[1], the requirements to fulfill the CRA are quite harmless. It's mostly stuff you should be doing anyway, like a risk assessment and documentation. An additional requirement is to provide a conformity assessment, which you can do yourself for non-critical software, and you must report vulnerabilities within 24 hours.

Not too bad really.

[1] https://eur-lex.europa.eu/resource.html?uri=cellar:864f472b-...

3. gustav+yr 2023-12-30 23:49:16
>>Larisc+4j
Yeah, so if some kid who's 16 is messing around on his computer, figures out some cool app, and starts publishing it, then bam, the incumbents can smack him down.

The regulations are designed to deepen the software moat, and they are security theater, and I say this as an InfoSec professional.

4. Larisc+5y 2023-12-31 01:01:20
>>gustav+yr
This is nonsense, because non-commercial activities are exempt from the CRA's requirements.

5. jart+eC 2023-12-31 02:01:18
>>Larisc+5y
Yes, and regulation will ensure non-commercial activities stay that way. I write open source code because I love building software tools, and there aren't a whole lot of opportunities to commercialize my work. I'd love it if an opportunity ever came along one day to get rich building a tool that I could pounce on, in which case I'd love to know that I wouldn't immediately get jumped and mobbed by regulators.