
Tux Machines


In letter to EU, open source bodies say Cyber Resilience Act could have ’chilling effect’ on software development (UPDATED)


Posted by Roy Schestowitz on Apr 20, 2023, updated Apr 24, 2023




13 open source industry bodies have published a letter asking Europe to reconsider aspects of its proposed Cyber Resilience Act.




↺ Read On: TechCrunch


UPDATE


The Cyber Resilience Act Threatens Open Source




> Society and governments are struggling to adapt to a world full of cybersecurity threats. Case in point: the EU CRA — Cyber Resilience Act — is a proposal by the European Commission to enact legislation with a noble goal: protect consumers from cybercrime by having security baked in during design. Even if you don’t live in the EU, today’s global market ensures that if the European Parliament adopts this legislation, it will affect the products you buy and, possibly, the products you create. In a recent podcast, our own [Jonathan Bennett] and [Doc Searles] interview [Mike Milinkovich] from the Eclipse Foundation about the proposal and what they fear would be almost a death blow to open source software development. You can watch the podcast below.


LF also:


Linux Foundation Europe chief warns EU bill could fragment open source – and load risk onto devs




Original:


A Plea for Fairness for Non-profit Developers of Open Source Software




> Dear Members of the European Parliament,


> We appreciate and applaud the goals of policy makers in both Europe and the United States to focus greater attention on the relationship between the software supply chain and cybersecurity. Our purpose today is to highlight an issue of ongoing concern to many of us who develop open source software without a profit motive: how to apportion the proposed new regulatory and liability burdens among the various economic actors engaging in software distribution in a manner that is both fair and equitable. We write to you as two non-profit developers and maintainers of some of the most well-known and widely adopted open source internet infrastructure software, each without shareholders and recognized as charities in respectively the Netherlands and the US.


> Parties involved in this complex content-based ecosystem, which is unlike anything else in industrial history, must be treated fairly - and be seen to be treated fairly - by policy makers. Without a fair allocation of burden, policy makers risk destroying the very open development and distribution system that enabled the creation and operation of the Internet they now seek to protect. Fairness demands that “Responsibility must be placed on the stakeholders most capable of taking action to prevent bad outcomes, not [..] on the open-source developer of a component that is integrated into a commercial product.” This quote, from the US Cyber Security Strategy, is fully consistent with the NLF and the Blue Guide. In contrast, the CRA moves away from the nuanced multifactor discussion of charitable activities in the Blue Guide and places the burden unconditionally on non-profit developers like us, merely because we seek to recover maintenance and development costs by providing charged-for technical support or consultancy services to businesses that implement or operate our software.


> We ask you not to undermine this funding model that has allowed us to distribute secure and stable open source internet infrastructure software for decades without the intent to make a profit and to consider the following amendment and justification.



