Cyber Resilience Act Poses Risk to Open Source Projects

Learn how the proposed law could impact projects such as Python.

The Python Software Foundation (PSF) has issued a statement warning of the potential impact of the proposed Cyber Resilience Act (CRA) on open source communities, reports FOSSlife. The PSF has “found issues that put the mission of our organization and the health of the open-source software community at risk,” says Deb Nicholson, Executive Director of the PSF.

Nicholson writes: “Under the current language, the PSF could potentially be financially liable for any product that includes Python code, while never having received any monetary gain from any of these products. The risk of huge potential costs would make it impossible in practice for us to continue to provide Python and PyPI to the European public.”

The Eclipse Foundation and NLnet Labs have also issued statements warning of the effects that the CRA could have on global open source projects.

Read more at FOSSlife.

04/20/2023
