zlacker

Kill switches based on attested binary identity exist and can be deployed at scale. So they can and likely will be used to comply with regulatory decisions. What remains to be seen is how those regulatory decisions will be made for complex software supply chains.

In part, open-source software arose in response to opaque software.

Can opaque regulation equally govern open and opaque software?

Should open software have open (i.e. continuously evolving in public, not point-in-time negotiated) regulation that can keep up with open development and security research? Much will depend on the operational practices and transparency of national institutions tasked to implement EU CRA.