Re: [open-regulatory-compliance] FYI: New initiative from LF

Hi Scott,

 

I spoke with CRob earlier today and I was informed that collaboration is indeed occurring between OpenSSF and Eclipse Foundation with regard to EU-CRA work on vulnerability reporting.

 

I’ve offered to work with OpenSSF and Eclipse on the EU-CRA initiatives and bring the information back into my circles working alongside US government entities, i.e. CISA public-private partnerships ( https://cisa.gov/sag ) and some Agencies:

https://www.nasa.gov/wp-content/uploads/2024/08/nasas-secure-software-development-self-attestation-collaboration-opportunity-20240731-113203-meeting-recording.mp4

 

I’ve worked on similar collaborations in the past between the US and EU, i.e. ISO 15000-2/OASIS ebXML/IEC TC57 WG 16 that have proven successful.

I spent two years working with the EU Energy industry, mostly with EirGrid in Ireland.

 

Even with the changes underway in the US Administration I’m optimistic that good things can happen, with respectful collaborations.

 

Cybersecurity is a global risk and it’s going to take teamwork to succeed.

 

 

 

Thanks,

 

Dick Brooks

  

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

Risk always exists, but trust must be earned and awarded.™

https://businesscyberguardian.com/

Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx

Tel: +1 978-696-1788

 

 

From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Scott Lewis via open-regulatory-compliance
Sent: Wednesday, February 5, 2025 2:18 PM
To: open-regulatory-compliance@xxxxxxxxxxx
Cc: Scott Lewis <slewis@xxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] FYI: New initiative from LF

 

Hi Dick,

From the project lead/open source steward point of view this initiative appears appealing (under next steps...tools, processes, best practices, compliance resources for upstream OSS projects, etc).

I had thought that the ORC WG (sig?) was working collaboratively with OpenSSF and/or Linux Foundation (Europe I guess from docs)...is that incorrect?

Scott

On 1/31/2025 6:43 AM, Dick Brooks via open-regulatory-compliance wrote:

https://www.linuxfoundation.org/press/openssf-and-lf-europe-launch-cra-initiative

 

Not sure what this means for the broader open source software community, but will be interesting to see where this goes.

 

I certainly agree with this statement:

 

"Cybersecurity is a matter of global concern. I am excited to see efforts like the EU’s CRA come online as it touches on topics we've been working to embed within organizations’ cybersecurity practices for decades," said Christopher “CRob” Robinson, Chief Security Architect of the OpenSSF.

 

 

Thanks,

 

Dick Brooks

  

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

Risk always exists, but trust must be earned and awarded.™

https://businesscyberguardian.com/

Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx

Tel: +1 978-696-1788

 

 


