Episode 224: Ciarán O’Riordan on the EU's Cyber Resiliency Act

2 years ago
Ciarán shares his insights on the Cyber Resiliency Act's impact on the FOSS community, draft concerns, community involvement, and the wider legislative landscape in Europe.
40 minutes
A Podcast by SustainOSS

Description
Guest
Ciarán O’Riordan

Panelist
Richard Littauer | Leslie Hawthorne

Show Notes
In this episode, host Richard Littauer and co-host Leslie Hawthorne engage with Ciarán O’Riordan, Senior Policy Advisor from Open Forum Europe (OFE), diving into the intricacies of the Cyber Resiliency Act (CRA) and its implications for the Free and Open Source Software (FOSS) community. Ciarán shares his journey from software development to policy advocacy, emphasizing the critical role of policy work in shaping the future of open source. He provides an in-depth analysis of the CRA, highlighting concerns about its initial draft, the involvement of the FOSS community in shaping its final form, and the potential challenges and opportunities it presents. The discussion also touches on other significant legislative developments in Europe, such as the Product Liability Directive and the AI Act, and their potential effects on open source software. Press download now to hear more!

[00:01:25] Ciarán explains how he became a Senior Policy Advisor and his passion for policy work, tracing his journey from a software developer in Dublin to his 20-year career in Brussels focusing on policy advocacy, including his recent position at OFE.
[00:06:08] Leslie asks Ciarán for a summary of the Cyber Resilience Act (CRA) and its specific implications for the free and open source software ecosystem. Ciarán contrasts the initial and final versions of the CRA, detailing the changes made, the lightened obligations for free and open source software, and the ongoing compliance challenges for commercial distributions.
[00:11:02] Leslie inquires how software foundations responsible for producing commercialized software are impacted by the Cyber Resilience Act. Ciarán explains that the final version of the Act introduces a new category called “Open Source Stewards” for entities like software foundations, which have a reduced set of obligations without fines. He also mentions the timeline for the CRA, stating it will come into force around summertime 2027, after being officially signed.
[00:16:09] Richard asks about the CRA’s impact on individual non-European developers, like himself, who have repositories on platforms like GitHub or GitLab. Ciarán responds that the specifics of how the CRA will affect such developers will become clear once the standards are developed.
[00:17:55] Ciarán clarifies that the role of software foundations is to provide services or procedures for compliance, which may vary across different foundations.
[00:19:36] Richard wonders who benefits from this Act, and Ciarán discusses the justification for the CRA, which is cost-based, comparing the cybersecurity costs with compliance costs.
[00:21:31] Leslie asks about the process of creating standards for CRA compliance, how average FOSS developers can influence these standards, and the best ways for them to get involved in influencing outcomes beneficial to the FOSS ecosystem. Ciarán notes that working on standards and policy is complex and compares it to contributing to software development on short notice.
[00:26:07] Ciarán discusses OFE’s multi-layered structure and the FOSS community list, which serves as a base for information sharing and connection.
[00:27:24] Richard questions the impact of the CRA on individual developers with numerous dependencies in their projects. Ciarán reassures that there is no immediate cause for panic, as the CRA will not come into force until summer 2027 and many details will be clarified in the coming years.
[00:28:39] Leslie shifts the discussion to the Product Liability Directive (PLD) and its relevance to the FOSS ecosystem, and Ciarán goes in depth about it.
[00:33:36] Find out where you can learn more about Ciarán and OFE on the web.

Quotes
[00:04:58] “We’d love to have better cyber security, especially if it just falls from the sky.”
[00:22:31] “Working on standards and policy in general is about as complex as working on software development.”
[00:24:00] “In terms of getting involved, two important things: First is getting in contact with other people, and the second is the need to do some work on your own initiative without having been brought into some of these groups.”

Spotlight
[00:35:35] Leslie’s spotlight is the Open Source in The European Legislative Landscape devroom.
[00:35:59] Richard’s spotlight is the book, “Better Living Through Birding.”
[00:36:42] Ciarán’s spotlight is two books: “Thy Neighbour’s Wife” and “The Life Show.”

Links
SustainOSS (https://sustainoss.org/)
SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
SustainOSS Discourse (https://discourse.sustainoss.org/)
podcast@sustainoss.org (mailto:podcast@sustainoss.org)
SustainOSS Mastodon (https://mastodon.social/tags/sustainoss)
Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss)
Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials)
Leslie Hawthorne LinkedIn (https://www.linkedin.com/in/lesliehawthorn/?originalSubdomain=de)
Ciarán O’Riordan LinkedIn (https://www.linkedin.com/in/ciaranor/?originalSubdomain=be)
Ciarán O’Riordan - Presentation of the Cyber Resilience Act (YouTube) (https://www.youtube.com/watch?v=DuQ-QBNezLg)
OpenForum Europe (https://openforumeurope.org/)
OpenForum Europe Events (https://openforumeurope.org/events/)
OpenForum Europe Open Source (https://openforumeurope.org/open-source/)
Open Source Policy Community List (https://groups.google.com/a/openforumeurope.org/g/foss-community)
Sustain Podcast-Episode 125: Astor Nummelin Carlberg of OFE on the Economic Impact of Open Source (https://podcast.sustainoss.org/guests/carlberg)
Product Liability Directive 1985 (https://en.wikipedia.org/wiki/Product_Liability_Directive_1985)
Open Source In The European Legislative Landscape devroom (https://fosdem.org/2024/schedule/track/eu-policy/)
Better Living Through Birding: Notes From A Black Man In The Natural World by Christian Cooper (https://www.penguinrandomhouse.com/books/671722/better-living-through-birding-by-christian-cooper/)
Thy Neighbour’s Wife by Liam O’Flaherty (https://en.wikipedia.org/wiki/ThyNeighbour%27sWife)
The Life Show by Chi Li (https://www.amazon.sg/Life-Show-Chi-Li/dp/7559421903)

Credits
Produced by Richard Littauer (https://www.burntfen.com/)
Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/)
Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/)

Special Guest: Ciarán O'Riordan.