Open Source Community Unites to Build CRA-Compliant Cybersecurity Processes - The Apache Software Foundation Blog

Submitted by Style Pass on 2024-04-23 07:30:07

Cybersecurity is a central topic for governments around the world. The European Union’s Cyber Resilience Act (CRA) introduced rules on how software should be developed, tested, audited and supported to ensure more secure software. Because open source software underpins today’s global digital infrastructure, this has a profound impact on many actors in the open source software ecosystem.

The Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation, Rust Foundation, and Eclipse Foundation are jointly announcing our intention to collaborate on the establishment of common specifications for secure software development based on existing open source best practices. The working group is forming to address the multifaceted challenges of cybersecurity in the open source ecosystem, and to demonstrate our commitment to cooperation with and implementation of the CRA.

The group’s initial effort will be to enumerate existing security policies and procedures of the respective open source foundations, and similar documents describing best practices. For years, the foundations and communities have created and maintained industry best practices for secure software development processes. With these best practices as our starting point, we aim to accelerate the development of cohesive cybersecurity processes required for regulatory compliance while offering a neutral environment for hosting technical discussions with the open source community at large.
