This sounds like the process required for most ISO certifications which sums up to: "pay up, do nothing useful" in my experience.
The extra cost of certification is only very _rarely_ useful. I have to laugh at the "bolster cybersecurity rules to ensure more secure hardware and software products".
It shifts the cost to the company that needs/wants CE.
On one hand, it might actually incentivize companies to pay up for OSS maintenance services, since certification requires a _process_, and not just an end product you can copy without any commitment at all. I don't see this working for small devs though (the paperwork will likely exceed the actual extra revenue in all but the largest projects - so why bother?).
This also puts CE at a disadvantage where another market can just do that: steal/clone OSS and skip all the certifications. I'm a lot more worried about this point than the rest.