Since the EU is bringing an act that needs the products distributed to be flawless, and it applies to open source products too, if a single one of their contributors / donors works for a corporation, what will be the future of FOSS in Europe with this?
Companies need to conduct cyber risk assessments before a product is put on the market and throughout its lifecycle effectively manage its vulnerabilities, regularly test it, and so on. Products assessed as 'critical' will need to undergo external audits.
I have not read the proposal. Legal language makes me want to rip my own eyes off.
The only winners I see are those security auditors and similar providers.
Privative corpos from USA and China will arrive with all "security assessments" and "auditions" in place, and still have backdoors lol