The Cyber Resilience Act and Open Source Software

There widespread concern and worry in the free and open source ecosystem that, despite the longstanding support for and focus on FOSS from the European Commission, the Cyber Resilience Act misunderstands how FOSS is developed and consequently there could be serious unintended impacts to those who openly share and collaborate as part of their software development process. As a result, the transparency and openness that make free and open-source software valuable could lead to excessive and duplicate CRA obligations for the developer, non-profit foundations and code repositories that do not place software on the market for profit.

This event will outline the role of FOSS in Europe and the world today, why the proposed CRA misses the target when trying to take it into consideration, and what the co-legislators can do about it.

Free and open source software (FOSS) is estimated to make up 70-90% of all software in existence. The pervasiveness of FOSS means that the unintended consequences wouldn’t only negatively affect a small part of our economy. Rather, everything from the telecommunications industry, the growing OSS SME sector and the financial sector to the IT-systems that our governments run on would be negatively affected.

There is broad support from the co-legislators and the European Commission that the CRA should achieve its goals while avoiding unintended consequences for the FOSS innovation model. We hope this event can clear up misconceptions of what FOSS is today, and what risks we need to avoid.

José Carlos Delgado Gómez, Cybersecurity Attaché, Permanent Representation of Spain to the EU
Computer Systems Engineer with more than 30 years of experience in the Spanish Administration in the field of Communications, Security of Information and Cybersecurity. Since July 2019, Counsellor for Cybersecurity Issues (Cyber Attaché) at the Permanent Representation of Spain to the EU and Spanish delegate on the Horizontal Working Group for Cybersecurity Issues at the Council.

Dirk-Willem van Gulik, Founder, Apache Software Foundation
Dirk has been an Internet engineering for over 35 years. He has worked for the Joint Research Centre of the European Commission, the United Nations, telecommunications firms, the BBC, national satellite&space agencies and founded several startups. He participated in international standards bodies, such as the IETF and W3C on metadata, GIS, PKI, Security, Architecture and Internet standards. He helped create, and was the president of the Apache Software Foundation. And has worked on Apache since the early days of the NCSA and help define what is now commonly referred to as `open source’ software.  At the start of this century  – Dirk build the initial engineering team at Covalent, as VP of Engineering and was instrumental in the first two rounds of venture capital funding in San Francisco. Dirk-Willem was one of the Founders of Asemantics, a leader in Enterprise Information Integration; which helped make the Semantic Web, and standards such as RDF, a reality. He then initiated Joost.com, a peer to peer based video and build and lead the team that created the worlds first instant play P2P viewer and a back office system with user profile driven advert targeting and payment settlements. He was the Chief Technical Architect at the BBC where has helped shape the audience facing delivery platform Forge in the time for the Olympics and where he made open standards, information security and compliance a core enabler for business processes. He currently works on several medical and privacy intensive security projects with a heavy emphasis on Architecture and Governance. When not at work, he loves to sail, hang out at the london hackspace or play with his lego.

Dr. Detlef Zerfowski, ETAS GmbH, Vice President, Engineering Excellence
Detlef Zerfowski has a Dr.-Ing. in Computer Science (University of Karlsruhe, Germany) in the domain of medical signal processing. Afterwards he changed to the automotive sector. Since 1998 he is with the Robert Bosch Group and had been in different positions in the automotive section of Bosch. During his 25 years in the area of automotive SW development and security he worked for more than six years in the Bosch SW development hub at India. During that time, he had been the General Manager of the subsidiary ETAS India Prv. Ltd.  After his return to Germany, he was responsible for strategic software topics in a Bosch corporate department. 2018 Mr. Zerfowski changed to the subsidiary ETAS GmbH and is responsible for Engineering Excellence.