Concise Cyber

Subscribe below for free to get these delivered straight to your inbox

Advertisements
OpenForum Europe and Tech Leaders Urge EU to Fund Open Source Security
Advertisements

The Brussels-based think tank OpenForum Europe (OFE) published an open letter to the European Commission and Parliament, warning of systemic under-investment in open-source software. The letter, co-signed by over 70 businesses and foundations, stated that without action, the security and resilience of Europe’s “entire digital agenda will be built on sand.”

The letter highlighted that much of the world’s digital infrastructure, including that used by the public and private sectors in Europe, is built upon open-source software. The signatories argue that a failure to invest in the security of these foundational components leaves critical systems vulnerable.

Recent Vulnerabilities Highlight Systemic Risks

The open letter from OFE cited recent high-profile security incidents as evidence of the existing problem. Specifically, the letter referenced the Log4Shell vulnerability found within the Log4j library and the protestware incidents involving the Colors.js and Faker.js libraries. These events demonstrated how vulnerabilities in widely used but under-resourced open-source projects can have far-reaching consequences across global digital supply chains.

The letter’s signatories include prominent organizations from the open-source ecosystem, such as the Apache Software Foundation, the Eclipse Foundation, the Linux Foundation Europe, and the Open Source Initiative. Major technology companies like Red Hat, SUSE, and Telefonica also added their support to the call for action.

A Response to the Cyber Resilience Act

The letter was published as a direct response to the European Union’s proposed Cyber Resilience Act. While the act aims to establish cybersecurity rules for digital products, the signatories expressed concern that it places an “unworkable” legal burden on the open-source community. They argued that imposing legal liability on individual developers and non-profit foundations for the software they provide for free is not a viable solution.

As an alternative, the letter proposed two key measures. First, the creation of a European-level open-source program office (OSPO) to coordinate and expand upon the EU’s existing efforts. Second, the establishment of a dedicated fund, managed by a non-profit, to provide financial support for the maintenance of critical open-source projects. Sachiko Muto, CEO of OpenForum Europe, described the letter as showing “strong and unequivocal” support from the community for these proposals.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources.The intent is only to summarise what is already reported in public forum in our own wordswith no intention to plagarise or copy other person’s work.The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment.The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com.You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications.If you have any objections, concerns or point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/

Discover more from Concise Cyber

Subscribe now to keep reading and get access to the full archive.

Continue reading