OpenWrt One vs. EU Cyber Resilience Act

Gregers Baur-Petersen glp at openwrt.org
Sat Jan 20 03:50:59 PST 2024 

I did look into the EU CRA from the commercial entity point-of-view. 
SBOM documentation and continued product monitoring for vulnerabilities 
and hazards to people are central + effective incident response 
(including; how to pull a product of the market if needed).

In regard to OpenWrt One; it would perhaps be enough if it was/is 
classified as a not-for-profit device ...?

On 19/01/2024 21.18, Hauke Mehrtens wrote:
> The EU is working on a EU Cyber Resilience Act to improve the software 
> security of (consumer) software and (consumer) hardware which contains 
> software. This should be similar to the CE sign, but for software.
> https://en.wikipedia.org/wiki/Cyber_Resilience_Act
> 
> After the successful lobbying of multiple open source organizations non 
> commercial open source software developer would be exempt from this 
> regulation. As far as I understood the OpenWrt project would not be 
> affected by this regulation, but if a vendor uses OpenWrt on a router, 
> this vendor has to make sure that his product including OpenWrt is 
> compliant when selling onto the EU market. With the OpenWrt One we or 
> Banana Pi could also get required to take care of this regulation.
> 
> Did someone look into the requirements needed to make OpenWrt compliant 
> to the EU Cyber Resilience Act for a commercial entity?
> 
> Did someone look into this regulation with the OpenWrt One project in mind?
> 
> I support the general idea of the EU to improve the security of 
> software. I think the current draft is much better regarding open source 
> than the first versions.
> 
> Hauke
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

-- 
  -----------------------------------------------------
  Gregers Baur-Petersen
  Anthropologist
  Information security consultant

   _______                     ________        __
  |       |.-----.-----.-----.|  |  |  |.----.|  |_
  |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
  |_______||   __|_____|__|__||________||__|  |____|
           |__| W I R E L E S S   F R E E D O M
  -----------------------------------------------------
  OpenWrt 19.07.2, r10947-65030d81f3
  -----------------------------------------------------

More information about the openwrt-devel mailing list