Open-source software vs. the proposed Cyber Resilience Act (NLnet Labs)

Posted Nov 15, 2022 18:36 UTC (Tue) by mfuzzey (subscriber, #57966)
In reply to: Open-source software vs. the proposed Cyber Resilience Act (NLnet Labs) by NYKevin
Parent article: Open-source software vs. the proposed Cyber Resilience Act (NLnet Labs)

A vulnerability isn't a problem by itself. It becomes a problem when the system context allows it to be exploited.

So Spectre is a huge deal for cloud providers whose whole business model is renting compute capacity on the same hardware to multiple mutually untrusted customers.
But on an embedded device that only runs software provided by the manufacturer it's not really an issue.

I hope this law allows manufacturers to say "yes we know the hardware / software has vulnerabilities A, B, C but in our case that doesn't matter because of X, Y, Z".

