EU cybersecurity regulation and Open Source governance
03-04, 11:35–12:05 (Europe/Berlin), Stage Wintergarten

The EU Cyber Resilience Act sets standards for how software should be designed, developed and distributed with security in mind. Any regulation of how software is developed also affects FOSS. How do individual developers and communities adapt to the new regulatory environment?


Non-commercial FOSS development is excluded from the scope of the EU Cyber Resilience Act, and so are individual volunteer developers. Businesses are not. But where is the line between an incorporated FOSS community and an open source business? Depending on the answer, making FOSS releases comes with significant obligations, such as implementing maintenance and vulnerability reporting processes, self- or third-party certifications, or providing patches for the product's lifecycle of 5 years or more. This will impact the viability of some FOSS development models, like that of part-time maintainers supported by donations, or business-sponsored communities. The governance setup of FOSS projects may have to be sharpened to match the roles required in the law. The presentation will break down the obligations, when and how they apply, and what actions communities can take to handle them.

Mirko Boehm is a free and open source software contributor, community manager, licensing expert and researcher, with contributions to major open source projects like the KDE Desktop (since 1997, including several years on the KDE e.V. board), the Open Invention Network, the Open Source Initiative and others. He is a visiting lecturer and researcher on free and open source software at the Technical University of Berlin. Mirko Boehm has a wide range of experience as an entrepreneur, corporate manager, software developer and German Air Force officer. He joined the Linux Foundation in June 2023 as senior director for community development for Linux Foundation Europe, where he focuses on driving engagement and collaboration between all European open source stakeholders. Mirko speaks English and German and lives in the Berlin area.