Everyone that manages security reports for Open Source projects have been getting a higher workload because of AI. Both real reports and just slop - reports including vulnerabilities in code that doesn't exist. For some, this is becoming a denial of service attack, with developers having to spend valuable, and in some cases unpaid, time to sort out what's real and may be a vulnerability.

Jarek Potiuk, member of The Apache Software Foundation will talk about this on the GVIP Summit Wednesday Jan 28th in Brussels. We still have a few seats available - but hurry up to register!

gvip-project.org

#NVD #CVE #EUVD #EUCRA #CRA

The coming EU Cyber Resilience Act will affect all Open Source projects. The Eclipse Foundation has created the Open Regulatory Compliance working group together with a list of other Open Source organisations to jointly develop best current practises and have a continuous dialog with regulatory bodies.

Mikael Barbero will present this important workgroup at the NSSS24!

Register today for the conference - nsss.se

@EclipseFdn @owasp @openssf
#EUCRA #CRA #OPENSOURCE

[swe] EU Cyber Resilience Act är på gång och vi har fått tillgång till den nya versionen efter förra årets förhandlingar mellan komissionen, parlamentet och rådet. På torsdag kör vi Dataföreningen ett gratis lunchseminarie där vi diskuterar CRA - senaste uppdateringarna, vad säger Open Source-grupperna och vad gäller för tillverkare av digitala produkter?

Registrera dig här:

dfs.se/pa_gang/prata-eu-cyber-…

#CRA #EUCRA #CYBERSECURITY