Recently adopted by the European Parliament, the Cyber Resilience Act (CRA) prompts the collaboration of seven open source foundations, aiming to establish unified specifications and standards.

Joint Cyber Effort




The Apache Software Foundation, Blender Foundation, Eclipse Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation, and Rust Foundation have announced their commitment to consolidate resources and harmonize security protocols across the open source landscape. Their collective endeavor seeks to address concerns regarding the reliability of the software supply chain under the forthcoming regulatory framework.

As open source components constitute a significant portion, estimated between 70% and 90%, of modern software, the Cyber Resilience Act holds considerable implications for software developers and manufacturers. This legislation mandates adherence to stringent cybersecurity standards, imposing penalties for noncompliance, including fines of up to €15 million or 2.5% of global turnover.

Initially met with criticism from various industry stakeholders, the CRA underwent revisions to accommodate concerns surrounding liability and accountability in open source development. While exemptions were granted to non-commercial projects, ambiguity persisted regarding the classification of financial support within the realm of "commercial activity."

With the CRA scheduled for enforcement in 2027, open source foundations have embarked on collaborative efforts to enhance documentation standards and align cybersecurity processes. Recognizing the need for cohesive cybersecurity practices across diverse open source initiatives, the foundations aim to streamline development methodologies and terminology.

The Eclipse Foundation, serving as the driving force behind the collaboration, underscores the urgency of establishing comprehensive cybersecurity standards in response to evolving legislative mandates. Spearheading the initiative from Brussels, the Eclipse Foundation seeks to unify industry stakeholders and promote standardized cybersecurity practices across the open source community.