OSI calls for revision of disclosure rules in CRA

OSI is a co-signatory of an open letter sent this week to the European Parliament by European Digital Rights (EDRi) expressing concern that the Cyber Resilience Act (CRA) draft currently under consideration still includes mandatory requirements for vulnerability disclosure that violate best practices in Open Source software collaborations and are likely to actually undermine the security of digital products and the individuals who use them.

“OSI very much supports the intent of the CRA to make the use of technology safer for citizens, but has repeatedly observed that the Act was drafted without adequate consultation with Open Source projects and the charities that enable them,” said Simon Phipps, director of standards and EU policy at OSI. “We hope that even at this late stage the valuable guidance in this open letter will be integrated into the Act.”