Open-source software vs. the proposed Cyber Resilience Act (NLnet Labs)

Posted Nov 18, 2022 17:07 UTC (Fri) by nim-nim (subscriber, #34454)
In reply to: Open-source software vs. the proposed Cyber Resilience Act (NLnet Labs) by tialaramex
Parent article: Open-source software vs. the proposed Cyber Resilience Act (NLnet Labs)

> It is unclear to me, and perhaps somebody with the right perspective can explain, why both the US and EU decided they want their computers to be secure specifically in the last 2-3 years but not say, in the 1990s or 2000s.

That’s a direct result of the tensions in Eastern Europe since 2014. At first both the US and the EU hoped things would settle down, then they ordered audit after audit (are the Russians doing to us what they are doing to the Baltic states and Ukraine?), then eventually the PTB got fed up with ordering the same one-time emergency audit several times a year, and decided to strong-arm the private sector into being secure by default.

Open-source software vs. the proposed Cyber Resilience Act (NLnet Labs)

Posted Nov 18, 2022 17:12 UTC (Fri) by nim-nim (subscriber, #34454) [Link]

Also I’m quite sure the PTB are utterly disgusted with important company A telling them it can not secure its systems because company B is not doing due diligence, if you try to drag governments down the rabbit hole don’t be surprised if they legislate some form of all-embracing sledgehammer that will make it your problem not theirs.