Are you ready for the EU CRA?
Don't wait for the deadline to scramble. We've put together a guide on the essential steps for compliance and expert advice for your teams.
Read more: https://www.activestate.com/blog/mastering-cra-compliance-requirements/
#CyberResiliencyAct #InfoSec #AppSec #ActiveState

The Cyber Resilience Act - Summary of the legislative text | Jacob Saaby Nielsen
Dear #Europe and European leaders.
On one hand you want to implement chat control. This is, as I've understood it, an #EU proposed law.
On the other hand you want to introduce the Cyber Resilience Act, fully implemented in 2027.
In the CRA in chapter 2, in Manufacturer Obligations you write:
"When designing, developing and producing the product with digital elements, the manufacturer needs to ensure that it meets the essential cybersecurity requirements. To this end, the manufacturer is required to perform a cybersecurity risk assessment, which informs the implementation of the essential requirements and needs to be taken into account during the planning, design, development, production, delivery and maintenance phases of the product.
If the manufacturer integrates third-party components, it needs to exercise due diligence so that those components do not compromise the cybersecurity of its product with digital elements."
This is in direct contradiction with the chat control proposal.
Both can't exist at the same time, as chat control makes what would have been fully end to end encrypted content available to a 3rd party service before sending.
Effectively ending the purpose of the encryption and rendering end to end encryption useless, thereby 100% compromising the security of the product.
I just thought it's worth noting that you're introducing two laws that can't coexist.
Introduce the CRA. Forget chat control.
It will never work.
And in a world where some allies turn out to be anything but, we don't need weakened security.
Please share. Help make the EU a safer place.
https://lnkd.in/dwCXdm8X
Ursula von der Leyen Dina Raabjerg Tuta | Secure Email & Calendar Proton Threema Signal Messenger Element - creators of Matrix Wire
#privacy #security #cyberresiliencyact #davos
Don't think #HigherEd will be impacted by the #CyberResiliencyAct (#CRA)? #FileZilla's announcement will give you a taste of what's coming.
A quick search of Institutions of #HigherEducation reveals the (probably unappreciated) level of adoption of #OSS.
https://filezilla-project.org/cra.php
FileZilla - Protect Open Source Software Today!

Another issue with the Cyber Resilience Act: European standards bodies are inaccessible to Open Source projects - Voices of Open Source
Europe's standards bodies have no functional relationships with Open Source charities and do not consult them.