Re: [open-regulatory-compliance] A more positive take on CRA FAQs and flowcharts

+1 Scott. I'm guessing there are lots of us in the same boat with our name on software, both open source and commercial.

Thanks,

Dick Brooks
   
Active Member of the CISA Critical Manufacturing Sector, 
Sector Coordinating Council – A Public-Private Partnership

Never trust software, always verify and report! ™
Risk always exists, but trust must be earned and awarded.™ 
https://businesscyberguardian.com/ 
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788


-----Original Message-----
From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Scott Lewis via open-regulatory-compliance
Sent: Friday, January 3, 2025 3:08 PM
To: open-regulatory-compliance@xxxxxxxxxxx
Cc: Scott Lewis <slewis@xxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] A more positive take on CRA FAQs and flowcharts

On 1/3/2025 11:23 AM, Dick Brooks via open-regulatory-compliance wrote:
> Ilu,
>
>> This working group is not about your company. It's about the ecosystem as a whole and about formulating general advice on how to comply for everybody to follow.
> Is it possible that my situation is exemplary of others (a common use case) and the answers would be the same for all the others "doing the same thing"?

As someone with their name actually on the open source code (e.g. some project leads/committers/contributors at EF), my answer is 'yes'...we do want to hear answers to these specific questions, as we know that we could personally be legally exposed...sometimes by orgs that have more resources to hire lawyers.  This will remain true even with lots of new tools/processes that *we* have to use, or requirements that *we* most likely will have to implement.

Yes there are other constituencies and complexities (e.g. vague definitions of 'steward' or 'manufacturer', or other terms)...that's understood.  But there is a reason why there is a crisis at the same time that people are expecting and requiring (legally now) greater security guarantees.  Feel free to google 'open source crisis' for more.

Scott

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org


