CRA

Posted Jan 2, 2026 21:58 UTC (Fri) by fenncruz (subscriber, #81417)
In reply to: CRA by linuxrocks123
Parent article: Kroah-Hartman: Linux kernel security work

I think the CRA is a good thing. Even though it's making alot of work for me at the moment (in a large software company) it's finally made upper management care about security. It's amazing how much developer time I can get allocated to fix technical debt when there's the possibility of fines on the line.

Sure some it is just paperwork and box tickings, but we are also getting resources to fix actual issues we've been fighting for, for years.

to post comments

CRA

Posted Jan 4, 2026 14:18 UTC (Sun) by raven667 (subscriber, #5198) [Link]

I too think the EU CRA has a lot of positive benefit, and I'm happy when a compliance effort can produce real fruit because orgs actually do the work to fix things rather than malicious faux-compliance (like adding cookie banners instead of fixing privacy practices).

I'm rather enjoying the focus my org has on compliance with new US ADA enforcement rules (which to be honest are never going to be invoked because the Trump regime doesn't care about civil rights/accessibility and would only prosecute if the bribe check didn't clear) which has given me the opportunity to bring all the web apps up to the same HTML theme/template and coding style instead of three different ones depending on the era when the app was made and how maintained it is. I also got to make a mini web-app server-side framework to factor out duplicate code from the CGIs without taking a large dependency on something like Dancer or Mojolicious, so it's all still simple enough to fit into one persons head but benefits from standardization of how extensibility is performed.