Can Open Source be Secure by Design?
Session Abstract
The tech industry has relied heavily on Free and Open Source Software for 20 years, but under-investing in its security and maintenance has increased global cybersecurity risk. Æva Black will reflect on this history and show how regulations could improve security across the ecosystem.
Session Description
For twenty years, the tech industry has externalized more and more risk into the digital commons of free and open source software. Despite the undeniable economic benefits of open source collaboration, by withholding security-essential features and under-investing in communities which maintain that commons, industry has invited disaster.
In response to the sharp rise in global cybersecurity incidents and the role FOSS has played in some of them, some governments mobilized investments and contemplated regulations — such as SOSSA in the U.S. and the CRA in Europe — to improve the safety of our now-digital world.
Æva Black will reflect on historical inflection points that led to these challenges and share their view of how the Cyber Resilience Act could create a once-in-a-generation opportunity to improve the sustainability of open source communities through Voluntary Security Attestations.