If you have been following the progress of the Cyber Resilience Act (CRA), you may have been intrigued to hear that the next step following publication of the Act as law in the Official Journal is the issue of a European Standards Request (ESR) to the three official European
Shared by voicesofopensource December 10, 2024
The Open Source community underpins much of today’s software innovation, but with this power comes responsibility. Security vulnerabilities, unclear licensing, and a lack of transparency in software components pose significant risks to software supply chains. Recognizing this challenge, GitHub recently announced the GitHub Secure Open Source Fund—a transformative initiative
Shared by voicesofopensource December 3, 2024
The European Commission recently published a public draft of the standards request associated with the Cyber Resilience Act (CRA). Anyone who wants to comment on it has until May 16, after which comments will be considered and a final request to the European Standards Organizations (ESOs) will be issued.
Shared by voicesofopensource May 2, 2024
The definition of “open source” in the most recent version (article 2(48)) of the Cyber Resilience Act (CRA) goes beyond the Open Source Definition (OSD) managed by OSI. It says: “Free and open-source software is understood as software the source code of which is openly shared and the license
Shared by voicesofopensource April 26, 2024
During 2023, OSI and many others across the Open Source communities spent a great deal of time and energy engaging with the various co-legislators of the European Union (EU) concerning the Cyber Resilience Act (CRA). Together with a revision to Europe’s Product Liability Directive (PLD), the CRA will bring
Shared by voicesofopensource February 2, 2024
As the European Cyber Resilience Act (CRA) is entering into the final legislative phase, it still has some needs arising from framing by the Commission or Parliament that result in breakage no matter how issues within its scope are “fixed”. Here’s a short list to help the co-legislators understand
Shared by voicesofopensource September 5, 2023
OSI is a co-signatory of an open letter sent this week to the European Parliament by European Digital Rights (EDRi) expressing concern that the Cyber Resilience Act (CRA) draft currently under consideration still includes mandatory requirements for vulnerability disclosure that violate best practices in Open Source software collaborations and are
Shared by voicesofopensource June 20, 2023
One of the proposals in the Cyber Resilience Act (CRA) is that European standards bodies should develop suitable standards that help simplify conformance. Bert Hubert explains how this might work in his extensive CRA explainer. There’s a crucial issue here for Open Source. EU policy experts say not to
Shared by voicesofopensource May 16, 2023
What might happen if the uncertainty persists around who is held responsible under the Cyber Resilience Act (CRA)? The global Open Source community is averse to legal risks and generally lacks access to counsel, so it’s very possible offers of source code will simply be withdrawn rather than seeking
Shared by voicesofopensource May 11, 2023
This year’s Maintainer Month feels different given what’s happening with the European Cyber Resilience Act. Their role is under more pressure than usual and yet, it’s often misunderstood. Open Source maintainers are the cornerstone of collaborative software development. They dedicate their time and expertise to ensure the smooth functioning
Shared by voicesofopensource May 10, 2023