Cyber Resilience Act Poses Risk to Open Source Projects

Learn how the proposed law could impact projects such as Python.

The Python Software Foundation (PSF) has issued a statement warning of the potential impact of the proposed Cyber Resilience Act (CRA) on open source communities, reports FOSSlife. The PSF has “found issues that put the mission of our organization and the health of the open-source software community at risk,” says Deb Nicholson, Executive Director of the PSF.

Nicholson writes: Under the current language, the PSF could potentially be financially liable for any product that includes Python code, while never having received any monetary gain from any of these products. The risk of huge potential costs would make it impossible in practice for us to continue to provide Python and PyPI to the European public.

The Eclipse Foundation and NLnet Labs have also issued statements warning of the effects that the CRA could have on global open source projects.

Read more at FOSSlife.

 
 

 
 

04/20/2023
