
(Online) Report from the Trenches EU CRA standards dev efforts (Richard Brooks)

Hosted By
Robert H.

Details

NOTE: This is now an Online-only event. Please plan accordingly. The Zoom link has been added to this event.

Title:
Report from the Trenches EU CRA standards development efforts.

Abstract:
I'll describe my participation in the EU Cyber Resilience Act (EU CRA), adopted as an EU regulation effective in December 2024 with deadline implementation dates through 2027. I'll provide a high-level overview of the EU CRA as a set of cybersecurity requirements covering software supply chain practices for products offered in the EU marketplace, which includes specific requirements on software manufacturers to provide transparency into their software development practices, including Software Bill of Materials (SBOM) and Vulnerability Disclosure Reporting and Management. I'll describe my participation in two US-based organizations that are part of the EU CRA Digital Experts group, the Eclipse Foundation and OpenSSF. Both organizations contribute to developing technical application standards under the EU CRA. In my view, the EU CRA represents a harmonized set of software supply chain cybersecurity practices that will be applied to software products used throughout EU critical infrastructure sectors and other consumer uses and is ahead of the US in the quest for harmonized cybersecurity practices.

Bio:
Richard ("Dick") Brooks - Co-founder and Lead Software Engineer at Business Cyber Guardian (BCG)
https://www.linkedin.com/in/richard-dick-brooks-8078241/

Venue and Food:
We are meeting at 6:30 pm on the 3rd Thursday of the month.

Amherst Security Group (AmherstSec)