What? We're talking about a free open source library (that I happen to use). Nobody who writes and publishes software for free should be subject to any such regulations. That's why the licenses all contain some "provided as is, no warranty" clause.

Otherwise, nobody would ever write non-commercial cryptographic libraries any longer. Why take the risk? (And good luck with finding bugs in commercial, closed source cryptographic libraries and getting them fixed...)

Taking the parallel-universe idea a bit further: for-profit actors must accept financial accountability for the open source software they engage with, whereas not-for-profit actors are exempt or even incentivised.

Build an open-source security solution as an individual? Well done you, and maybe here's a grant to be able to spend more of your free time on it, if you choose to do so.

Use an open-source security solution to sell stuff to the public and make a profit? Make sure you can vouch for the security, otherwise no profit for you.


No thanks, that would kill my one-man software business before I have even started selling a single product, and I'd also have to withdraw every open source repository I have on Github. If you want to pay 10 times more for software and make sure only large corporations sell it to you, your plan is fantastic. Otherwise, not so great.

Not sure why you choose an interpretation that goes against your interest, instead of the more advantageous one, namely that your one-man software business would be able to charge a sizeable premium if the buyer is planning to use your software in a security-sensitive operation.

You're talking about a forced price increase, and in the B2C market consumers do not pay sizeable premiums. Apropos "security-sensitive operation": any software that connects to a network is a security-sensitive operation. There is no alternative reality where your proposal wouldn't just drastically raise the price of software and make it essentially impossible for small companies to use open source software because of the increased legal risk and auditing costs.

There are already plenty of certifications that are required for software in certain business areas, such as HIPAA and FIPS certifications. However, these are voluntary for companies who want to sell in sectors that require them. Assuring compliance is very costly in development, auditing, and bureaucratic overhead, and for this reason this kind of software is very expensive. If Cloudflare was forced to get expensive certifications for the Circl library, they wouldn't publish it as open source. They'd perhaps sell it at a high price point. That wouldn't be an advantage for anyone. Without such libraries, communication would be very insecure by default. The whole internet is running on open source security libraries that individual developers cannot implement on their own (and it would be a bad idea if they tried). Not just the internet, by the way; the same holds for nearly every cryptographic and otherwise security-relevant library of programming languages.
