As a small and medium business operating in Europe GeoCat BV is clearly affected by the forthcoming European Cyber Resilience Act (CRA). We are a proud open source company and are concerned about our friends and partners caught up in the uncertainty around this proposed legislation.
We applaud the goals of the CRA as security is a responsibility GeoCat handles with care on behalf of our customers and products.
GeoCat is proud of the products we offer our customers: GeoCat Live, GeoNetwork Enterprise and GeoServer Enterprise. Each of these products are offered with a clear vendor relationship, an aspect of which is the handling and communication of security vulnerabilities.
Part of the magic of free and open-source is the rich collaborations formed across industry, academia, and government working alongside non-governmental organizations and enthusiasts. We are concerned that the CRA as proposed places undue hardships on these relationships. These relationships form a network of trust, and cannot be reduced to a product relationship.
We encourage regulators to seek expert input at this time. With so much of technology based in free and open-source technology we encourage regulators to look at ways to support security priorities with a deeper understanding.
Dutch regulators are encouraged to read: