We can all agree that securing our software is a good thing. Thanks to one security fiasco after another – the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong – we know we must secure our code. But the European Union’s proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security.
Developers use protestware technology to drive points home; some arrives as messages of defiance, others with malicious intent.
The CRA as written poses an unnecessary economic and technological risk to the EU; Open Source leaders wish to work with the European Commission on the CRA’s noble goal of secure software for all.
Open source software is ubiquitous and makes up much of the software infrastructure that underlies the systems our society relies on, from mobile phones to Internet technologies to automotive and national security systems. But as open source software has taken the spotlight—particularly efforts to ensure the security and sustainability of the ecosystem—it’s important to separate fact from fiction when thinking about open source and how best to support and use it.
If this is March, it must be election time at OSI. This year, two individual seats and one affiliate seat are in the running.
As the use of open-source software (OSS) continues its year-over-year growth, the biggest area for innovation and open-source adoption is now AI.
The Open Source Initiative is planning on making a few changes to how they do things. They think they’ve got it figured out, but first they want to know what you think.
When is Open Source not Open Source? Executive Director Maffulli comments on Harness.io’s latest product release
