EU's Cyber Resilience Act contains a poison pill for open source developers
The road to hell is paved with good intentions Opinion We can all agree that securing our software is a good thing. Thanks to one security fiasco after another - the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong - we know we must secure our code. But the European Union's proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security....