2024-09-26 –, Louis Armand 1 - Est
The EU Commission is likely to vote on the Cyber Resilience Act (CRA) later this year. In this talk we will look at the timeline for the new legislation, any critical discussions happening around implementation and most importantly, the new responsibilities outlined by the CRA. We’ll also discuss what the PSF is doing for CPython and for PyPI and what each of us in the Python ecosystem might want to do to get ready for a new era of increased certainty – and liability – around security.
The EU Commission is likely to vote on the Cyber Resilience Act (CRA) later this year. The CRA is an ambitious step towards protecting consumers from software security issues by creating a new list of responsibilities for software developers and providers. The Act also creates a new category of actor known as an “Open Source Steward” which we think makes important allowances for public open source repositories like CPython and Python Package Index (PyPI.) Once the dust settles, everyone who makes software will need to consider the CRA’s mandates in their security roadmaps.
In this talk we will look at the timeline for the new legislation, any critical discussions happening around implementation and most importantly, the new responsibilities outlined by the CRA. We’ll also discuss what the PSF is doing for CPython and for PyPI and what each of us in the Python ecosystem might want to do to get ready for a new era of increased certainty – and liability – around security.
Target audience
Developers and maintainers whose project or product may be affected by the CRA. European legislation won’t just affect the European market, it will affect the software industry and the open source community globally as it is very hard to segregate one project or product from the EU market. So, this is for everyone in the Python community who shares their code with the world.
Goal
To educate the general public about CRA - how it can affect us and how to get ready for it. We also want to provide more information for the Python community about what has been done by the PSF regarding the CRA to reassure them that the Python community is aware and getting prepared for the CRA.
Outline
- Introduction
- what is CRA
- Highlight of the CRA text as of now
- How we may be affected
- Getting ready
- What has PSF done for cyber security
- What has PSF done for CRA specifically
- What is PSF planning to do to support the community
- Call for action
- How to be prepared as an individual
- How to be prepared if you are maintaining a project
- How to support PSF to be ready for CRA
After having a career in Data Scientist and Developer Relations, Cheuk dedicated her work to the open-source community and founded CMD Limes, a Python consultants cooperation. She has also co-founded Humble Data, a beginner Python workshop that has been happening around the world. She has served the EuroPython Society board for two years and is now a fellow and director of the Python Software Foundation.