The EU’s proposed Cyber Resilience Act (CRA), which aims to “bolster cybersecurity rules to ensure more secure hardware and software products,” could have severe unintended consequences for open source software, according to leaders in the open source community.