July 23rd, 2024

Open Source in Europe: Facing the regulatory challenge

The Cyber Resilience Act in Europe sets strict security standards for digital products, impacting the Open Source community. Experts discuss compliance challenges and initiatives to support businesses navigating regulations. Open Source faces coordination needs for better engagement in standardization processes.


The Cyber Resilience Act (CRA) in Europe will enforce strict security standards for digital products, posing challenges for the Open Source community. At OW2Con, experts like Simon Phipps and Camille Moulin discussed compliance with the CRA and its impact on Open Source. Stéfane Fermigier highlighted efforts by organizations like CNLL and APELL to support businesses in navigating the CRA's regulations. The CRA mandates CE marking for digital products in Europe, requiring compliance with security and functionality standards. However, European standards bodies lack Open Source expertise, prompting initiatives by Eclipse to assist with compliance. While the Open Source community has made progress in engaging with regulations like the CRA, there is a need for improved coordination and strategy to ensure open-source perspectives are considered in standardization processes. Organizations like OSI and APELL play vital roles in advocating for Open Source interests within regulatory frameworks.

Related

CISA and Partners Guidance for Memory Safety in Critical Open Source Projects

CISA, FBI, and Australian Cyber Security Centre collaborate on memory safety guidance for open source projects. Emphasizes risk understanding, roadmap creation, and collaboration with the open source community for enhanced cybersecurity.

FOSS funding vanishes from EU's 2025 Horizon program plans

Advocates raise concerns over disappearing funding for FOSS initiatives in the EU's Horizon program 2025 proposal. Criticism focuses on the elimination of support for NGI, impacting EU laws compliance and digital services. Gibello emphasizes the importance of sustaining FOSS community support amid funding uncertainties.

So you want to compete with or replace open source

The article delves into open source software's evolution, business challenges, and emerging movements like "post-open" and "Fair Source." It questions their ability to balance commercial interests with open source collaboration.

FOSS funding vanishes from EU's 2025 Horizon program plans

Advocates express concern over scarce funding for EU's FOSS initiatives in the 2025 Horizon program. Criticism arises for eliminating NGI funding, impacting EU's data protection efforts. Uncertainties loom regarding future support and strategic shifts towards green and digital transitions.

FOSS funding vanishes from EU's 2025 Horizon program plans

Advocates raise concerns over disappearing funding for FOSS initiatives in the EU's Horizon program 2025 proposal. NGI's impact report underscores success but worries persist about future resources and support.

5 comments
By @mnau - 3 months
I really appreciate the efforts of the Eclipse Foundation and others.

The first version of CRA was devastating for open source. Thanks to their efforts, the adopted version has a lot of clauses for open source, it's survivable. Open-source stewards should be "subject to a light-touch and tailor-made regulatory regime", components are mostly exempt.

By @protocolture - 3 months
Can someone summarize the impact on say, an open source project with no actual paid release?

Is this a case of, if anyone in Europe compiles your software, and it doesn't meet standards, you are now a criminal? Or is the onus on Europeans to install only certified software?

Obviously dependencies go pretty deep these days. Is, say, Package B certifying for itself and Package A? Or is Package B assuming Package A will also provide its own certification?

Can you comprehensively fail the certification and have it revoked?