EU Cyber Resilience Act part two: Updates & Impracticalities

2023-03-19

This is a living document - I’d normally spend a few days polishing everything, but since CRA talks are ongoing right now, there’s simply no time for that. Check back frequently for updates! Also, please let me know urgently if you think I’m reading things incorrectly!

As a follow-up to my earlier post on the EU Cyber Resilience Act, here I’d like to address some practicalities: how would it actually work?

As with the previous article, I want to thank the many people who spent serious time explaining the CRA and its intentions to me; this is most appreciated.

A key issue is how the CRA deals with third-party components that form part of your product or software. Many modern devices and software consist mostly of third-party components, with some new functionality layered on top. As an extreme example, you could build a credible firewall product that, by source code weight, is 99% Linux kernel and 1% user interface.

Similarly, a security camera will also typically run Linux, and then use existing vision libraries and tools to encode and distribute the video.

