Standards, guidelines and laws govern the world, and few places embody that reality better than the digital realm. With new and hybridized attack pathways proliferating rapidly, countries are updating their cybersecurity laws to keep pace.
Where do these shifting grounds leave open-source developers? And how can they stay ahead, adhering to these laws without compromising the pace of innovation?
“We’re focused on improving open source and supply chain security for everybody, and everybody is a subset,” said Crob Robinson (pictured), chief security architect of OpenSSF. “Europe is part of that subset, and they just recently released a new law called the Cyber Resilience Act that is going to have some pretty far-reaching consequences across the whole globe, honestly, and the tech ecosystem especially.”
Robinson spoke with theCUBE’s Paul Nashawaty at Open Source Summit NA, during an exclusive broadcast on theCUBE, News Media’s livestreaming studio. They discussed the pressing need for devs, vendors, CIOs and other stakeholders to leverage available tools to stay compliant, build secure software and thrive in today’s regulated landscape. (* Disclosure below.)
New cybersecurity laws are a global wake-up call
The EU’s Cyber Resilience Act, or CRA, is poised to reshape the open-source and enterprise software landscape. With mandatory compliance kicking in by December 2027, organizations that ignore it risk losing access to Europe, the world’s third-largest market. Importantly, however, this is not just a European issue. Countries such as India, China, Australia and the U.K. are crafting similar legislation, and the U.S. is enforcing cybersecurity standards through procurement rules, according to Robinson.
“There’s some newer concepts like software bill of materials, but this is something that cybersecurity people are very familiar with,” he said. “Now, for upstream open-source developers, this is not necessarily anything they’ve ever had any exposure to — and there’s a lot of fear. Our mission is to provide education and awareness on what the facts of the law are and what actions you’re going to need to take. But the burden of compliance falls on manufacturers.”
These manufacturers often rely on open-source components, making secure-by-design development and transparency mission-critical. Failing to comply isn’t just an inconvenience — it’s potentially catastrophic. Under the CRA, companies found negligent in a data breach could face fines of up to 2.5 times their annual revenue per infraction, according to Robinson.
(* Disclosure: The Linux Foundation sponsored this segment of theCUBE. Neither The Linux Foundation nor other sponsors have editorial control over content on theCUBE or News.)