| Re: [open-regulatory-compliance] FYI: New initiative from LF |
Hi Scott, I spoke with CRob earlier today and I was informed that collaboration is indeed occurring between OpenSSF and Eclipse Foundation with regard to EU-CRA work on vulnerability reporting. I’ve offered to work with OpenSSF and Eclipse on the EU-CRA initiatives and bring the information back into my circles working along side US government entities, i.e. CISA public-private partnerships ( https://cisa.gov/sag ) and some Agencies: I’ve worked on similar collaborations in the past between the US and EU, i.e. ISO 15000-2/OASIS ebXML/IEC TC57 WG 16 that have proven successful. I spent two years working with the EU Energy industry, mostly with EirGrid in Ireland. Even with the changes underway in the US Administration I’m optimistic that good things can happen, with respectful collaborations. Cybersecurity is a global risk and it’s going to take teamwork to succeed. Thanks, Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership Never trust software, always verify and report! ™ Risk always exists, but trust must be earned and awarded.™ https://businesscyberguardian.com/ Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx Tel: +1 978-696-1788 From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Scott Lewis via open-regulatory-compliance Hi Dick, From the project lead/open source steward point of view this initiative appears appealing (under next steps...tools, processes, best practices, compliance resources for upstream OSS projects, etc). I had thought that the ORC WG (sig?) was working collaboratively with OpenSSF and/or Linux Foundation (Europe I guess from docs)...is that incorrect? Scott On 1/31/2025 6:43 AM, Dick Brooks via open-regulatory-compliance wrote:
|
