
CRA paperwork for a fee impact on "hobbyist" status


Posted Jun 7, 2025 14:18 UTC (Sat) by marcH (subscriber, #57642)
In reply to: CRA paperwork for a fee impact on "hobbyist" status by dottedmag
Parent article: Open source and the Cyber Resilience Act

> A vulnerability is discovered in this library. Google Android security team, security teams of 500 ODM manufacturers and 10 million security-conscious owners of headsets all come filling my inbox and demanding a security fix.

Whatever the law says, that seems extreme and unrealistic.

- Google is likely to just go and fix the vulnerability itself to preserve the value of its brand.
- ODMs are more likely to first pressure the "bigger" fish with whom they already have a business relationship and contacts there, and who has more manpower and is more likely to get things done one way or the other.
- Good luck finding 10 million "security-conscious" users and good luck finding end users technical enough to understand the vulnerability and who is to blame. You could receive some email, granted. But not from 10 million people.

PS: do ODMs have a security team? ;-)

