by thawawaycold 381 days ago
What about EU's CRA?
2 comments

Doesn't really do anything to ensure the end-user truly has ownership over the device and the ability to control what software runs on it. 10 years of security updates is nice (assuming the company making the device doesn't go out of business in that time) but doesn't stop those devices becoming vulnerable after that (and a truly useful device will likely have more than 10 years of useful life). I don't know the specifics of the CRA, but most proposed regulatory solutions I've seen intentionally take control away from the end-user.
The manufacturer is encouraged to open source the product at the end of its life, plus the government agencies now have a say in what is EOL.

If you still sell EOL products, you have to make sure they are still safe, even as a distributor.

Taking control away from the end-user is a good point, I will keep this in mind.

You are the only one mentioning it.

I think the CRA is the right step in the right direction. Companies can finally be fined when they sell a product that has known vulnerabilities.

This is something that has been discussed for years - now we have a definite law.

And we already see changes: if you install Windows, the first thing it does is to get patches and then start over.