Unified open source standards for EU Cyber Resilience Act compliance mulled

More stringent security controls under the European Union's Cyber Resilience Act have prompted a new partnership between the Apache Software Foundation, OpenSSL Software Foundation, Eclipse Foundation, and four other open source foundations. The foundations will consolidate their resources and best practices to establish unified open-source standards and specifications that would strengthen the software supply chain when the law takes effect in 2027, according to TechCrunch.

"While open source communities and foundations generally adhere to and have historically established industry best practices around security, their approaches often lack alignment and comprehensive documentation. The open-source community and the broader software industry now share a common challenge: legislation has introduced an urgent need for cybersecurity process standards," said the Eclipse Foundation, which is leading the collaboration effort.

The development comes amid legislative proposals, including the U.S. Securing Open Source Software Act, that look to increase the examination of open-source developers' role in software supply chain security.
