Software has matured and is now an integral, key part of society, its infrastructure and its economy. Yet, by and large, the industry's stance on security, reliability and preventing data leaks has fallen way behind. We’re regularly front-page news. So, as with all important engineering industries before it, politicians all over the world have started to care and are introducing software regulation.
Europe leads that pack with the now-final Cyber Resilience Act and the Product Liability Directive. This makes actual security mandatory. No paper dragons, no ifs and no buts, and with your disclaimers and (strict) liability waivers essentially voided overnight. The US and other parts of the world are not far behind.
The impact of this will be massive. This talk will go through the regulation and its impact on the industry in general and on open source specifically. It will also discuss the new legal concept of an "Open Source Steward" and its implications for us, the Apache Software Foundation (ASF), our developers and our downstream community of SMEs, large enterprises and users. It will close with what the ASF is doing already, and what the industry needs to do in the coming months and years.