An amendment to the EU Cyber Resilience Act (CRA) has changed the widely accepted definition of open source software, which has the potential to lead to confusion across the open source community.