Cybersecurity can’t rely on communities efforts alone

March 21, 2024

On Tuesday at the European Cybersecurity conference, Roberto Viola, Director General of the European Commission’s Directorate General for Communications Networks, Content and Technology)emphasized the need to increase European investment in cybersecurity. According to his remarks, this need is driven by the growing threats and the anticipated costs associated with implementing the new Cyber Resilience Act regulation.

While the new regulation excludes non-commercial free and open source software (FOSS) development, the distinction between such software and that used by private and public entities can be unclear. For example, certain community-based resources may qualify as critical open source software components, as they are integrated into software used by European public services. This underlines the need for broader public support for community-based projects supporting critical infrastructure. It also underlines the importance of integrating support for the cyber commons into cybersecurity policies, as experienced by Campus Cyber in France with the launch of a “studio for cyber commons.” Neglecting to invest in FOSS can lead to security risks with far-reaching economic consequences, as demonstrated by the Log4Shell vulnerability discovered in 2021. Establishing maintenance and vulnerability reporting protocols is a shared responsibility that Digital Commons projects cannot shoulder alone.

keep up to date
and subscribe
to our newsletter
Subscribe