The security problems of open-source software have been escalating steadily (as seen in the recent xz incident, which could have had widespread repercussions had it not been detected in time). Most recently, a coalition of open-source software foundations has come together to establish a "Secure Software Development Process."
This initiative, hosted by the Eclipse Foundation, includes various organizations such as the Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation, and Rust Foundation.
The goal of this collaboration is to align with the European Cyber Resilience Act (CRA), which mandates several cybersecurity measures: mandatory security patches for IoT hardware, risk assessments by companies, and reporting to the EU in case of breaches. The legislation is expected to become enforceable by 2027.
Headquartered in Brussels, the Eclipse Foundation sits closer to the European government than other open-source organizations. Besides overseeing numerous open-source projects (not only Eclipse itself but also others such as Jakarta EE), it is hosting this initiative with the aim of creating a standardized framework for secure software development.
Source: Eclipse, Apache Software Foundation
TLDR: A coalition of open-source software foundations led by the Eclipse Foundation aims to establish a secure software development process in alignment with the Cyber Resilience Act, with enforceability expected by 2027.