Comment by datsci_est_2015

3 hours ago

> I don't think we should ever head toward licensing/a credential body for software development, but I do think now is a good time to have discussions around liability for defective products.

Liability is how a credential body would organically grow. It already exists in the security, compliance, and enterprise parts of the software world.

That can be okay. The problems we're worried about come when it's government mandated.

The EU Cyber Resilience Act puts heavy liability on vendors for software vulnerabilities that get exploited, including in open-source components they incorporate. OSS devs are shielded - liability is on the companies who incorporate OSS into commercial stuff.