by _tk_
841 days ago
I cannot really speak to the "Radio Equipment Directive", but what the author claims or implies with regard to the Cyber Resilience Act is not correct. These Annexes explain the imposed Vulnerability Handling Processes imposed on manufacturers. The EU obviously only speaks about _exploitable_ vulnerabilities, because they know the problems of the CVE system all too well. Best of all, open source projects are actively excluded by the CRA. [2]
"Open source projects will not be required to directly implement the mandated processes described in the CRA. But every commercial product made available in the EU which is built on top of those open source projects will."

[1]: https://eur-lex.europa.eu/resource.html?uri=cellar:864f472b-...

[2]: https://eclipse-foundation.blog/2023/12/19/good-news-on-the-...