On 27 May, Open Regulatory Compliance (ORC) is hosting a panel in support of GitHub’s Maintainer Month, a month dedicated for open source maintainers to gather, share, and be celebrated. Daniel Stenberg is one of the speakers in the ORC’s panel, “The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know.”
Daniel is a Swedish internet protocol expert and developer who has participated in and worked with open source for 30 years. He is most known for being the founder and lead developer of the curl project, one of the most widely used software components in the world.
We asked Daniel a couple of questions so that attendees could learn a bit more about his work and his thoughts on the Cyber Resilience Act in advance of the session later this month.
Can you tell us a bit about your background including your work with cybersecurity and/or the Cyber Resilience Act (CRA)?
I've maintained and shipped a popular open source project for three decades. You cannot avoid working with cybersecurity when working with open source projects. Also, as we ship a product that runs in billions of devices and products, we have been trying to stay educated and informed about the CRA and how the CRA is going to affect us.
What do you hope attendees will learn from your panel discussion?
I hope the discussion will help distribute knowledge and awareness of the CRA. I hope attendees will learn not only that the CRA exists but also some of its fundamentals and how they are intended to work and affect (and not affect) open source projects.
What do you see happening in the open source ecosystem that is helping open source maintainers navigate the CRA?
First, most small scale open source projects will not be affected at all by the CRA - and most open source projects are small scale. I think every open source project should do what we always do: strive towards gradually improving and continue to ship great stuff.
What are some common misconceptions about the CRA that you think need clearing up?
Potentially - and ideally - we will see a greater concern from those users of open source who build commercial products and services on top of open source components to contribute back and make sure the fundamentals they decide to build on are solid, secure, and safe. Meaning that even if CRA might not directly address most open source projects, the effect of the CRA might still mean that they get more attention from the ones who are affected by the CRA and are using those open source projects.
Add it to your calendar to join.
Participate with the ORC
- Follow us on social: BlueSky, LinkedIn, and YouTube
- Learn
- Contribute
- Join the Working Group
