Juan, Please remove my email address; I’m no longer participating in the vulnerability work effort. Thanks, Dick Brooks 
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™
Risk always exists, but trust must be earned and awarded.™
https://businesscyberguardian.com/
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788

From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Juan Rico via open-regulatory-compliance
Sent: Wednesday, July 2, 2025 5:30 AM
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Juan Rico <juan.rico@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Vulnerability Handling Task Force Meeting Minutes

Thanks Marta and all, I think it would be a good idea to discuss this in the vulnerability task force meeting tomorrow. I think a handbook would be much more accessible than a whitepaper, though one could inform the other.
Mat I would go harder than “whitepaper”. A Steward Handbook. With intro from the commission and preface from Maarten.
Hi all, As agreed during today's call, please use this email thread to discuss topics for potential TF deliverables. Here are some possible topics that were raised:
- A document describing the role and obligations of stewards
- Best current practice for SBOM in open source projects
- Describing the relation between open source projects and manufacturers with regard to vuln management
Additionally, it might be worth getting acquainted with the deliverables plan as it contains a number of deliverables that might be interesting for this TF to get involved with or to drive.
I would like to propose a whitepaper the group can work on. According to my knowledge, no group (in ORC or otherwise) is working on this.

Proposal title: Open Source Software Stewards and CRA Whitepaper

The Cyber Resilience Act (CRA) defines a new category of organizations, Open Source Stewards (Stewards hereafter). It also defines obligations for them that are different from those of other categories like manufacturers. This whitepaper will aim at elaborating on the obligations, restrictions, and penalties that will be imposed on Stewards. From the elaboration on the legal text, we will outline the missing pieces / documents / procedures that Stewards need to have to fulfil their obligations. The goal is NOT to provide a definition or guidance about who is and who is not a steward for a Product with Digital Elements qualifying as Open Source Software.
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org