2026-02-02 –, Atlantis
OpenEmbedded and the Yocto Project offer a number of features in line with the Cyber Resilience Act (CRA) requirements, like the SBOM generation. Even if the Project itself does not fall under the CRA requirements, products that use it do, some may be even in the important or even critical category.
What elements will vendors of those products need? Are elements already in place? What will they need to implement on their own?
This presentation will get outside of the CVE checking and SBOM generation space and explore other elements from the CRA requirements.
Marta Rybczynska has network security background, 20 years of experience in Open Source including 15 in embedded development. She has been working with embedded operating systems like Linux and various real-time ones, system libraries and frameworks up to user interfaces. Her specialties are architecture-specific parts of the Linux kernel. In the past, Marta served as Vice-President and treasurer for KDE e.V. She is involved in various Open Source projects, and also contributing kernel-related guest articles for LWN.net. She's a member of the security team of the Yocto Project and a co-maintainer of meta-security.
She has experience with presentations on both scientific and free software conferences, including LinuxCon, Open Source Summit, Embedded Linux Conference, Akademy and FOSDEM.