
Risks of misinformation

Posted Sep 23, 2023 21:05 UTC (Sat) by pizza (subscriber, #46)
In reply to: Risks of misinformation by Wol
Parent article: The European Cyber Resilience Act

> Which is why, if you have a decent contract, you should hopefully be able to say "I am writing code at your request, you are responsible for making sure it does what's required". Then they are responsible for getting it certified and paying you to fix it if necessary.

Sure, and then they'll push back with an "OK, but just in case there's a problem, we want you to carry a $2 million liability policy" and when you inform them that this policy will cost more than the project budget, and you'll have to double your rate to cover the cost.

(This has happened to me, twice)

> Which is why, for projects of any size, I bang on about trade associations. A couple of developers get together, with a couple of clients each, form a trade association which says "for our members we will fix all known problems and certify them", and then all of a sudden we might have a decent financial basis for developers to make an income - selling certification. :-)

In other words, significantly increase the barrier to entry.


Risks of misinformation

Posted Sep 23, 2023 21:17 UTC (Sat) by Wol (subscriber, #4433) [Link] (2 responses)

But at least then, you've had the conversation with them, that these guarantees cost money ...

But yes, I understand what you're getting at, as a sole trader this is going to be difficult (but if you've had that sort of conversation before, why will the CRA make any difference?).

Cheers,
Wol

Risks of misinformation

Posted Sep 24, 2023 0:48 UTC (Sun) by pizza (subscriber, #46) [Link] (1 responses)

> If you've had that sort of conversation before, why will the CRA make any difference?

Because under the CRA, what used to be directly billable has been turned into general overhead that folks will expect me to provide as a matter of course.

If your operation is of sufficient scale then it's not going to be that big of a deal, but my "part time consulting/support services" operation is light years from that point.

Risks of misinformation

Posted Sep 24, 2023 5:13 UTC (Sun) by wtarreau (subscriber, #51152) [Link]

That's exactly the root of the problem: people with development skills will have to stop development to spend 100% of their time on legal stuff and bureaucracy. And the EU is a champion of bureaucracy. It needs to remain simple so that one doesn't have to fear a certain interpretation of the rules.

The benefits of F/OSS were recognized to the point that in the last few years, some developers saw their software land on Mars. It would not have been imagined 20 years ago that software developed by random people around the world could be critical to a space mission's success. This is thanks to the commitment of these people to delivering as high quality code as possible without the fear of any liability nor anything else: 100% of their focus was on technical excellence. I'm afraid it might be the last time we see F/OSS software on another planet. What if the probe is hacked during its way due to an overflow bug in the deployed software and the mission ruined? In practice any F/OSS developer would rather decline any request for help in getting their software better integrated because they won't know if that's going to expose them to a legal risk.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds