Colleagues, Something I spotted that could be of interest to this group: FYI, the Open Source Security Foundation, LF Europe, and LF Research are fielding a survey to measure awareness about the recently adopted EU Cyber Resilience Act on a worldwide scale. The survey should take between 5 and 10 minutes, and closes at the end of this week with the goal being to publish the survey data and related report by mid-March. Link: https://www.research.net/r/MR35RMF All best Romain -- Romain Bosc Sr Public Policy & Governance Officer RIPE NCC E: rbosc@ripe.net
OS wg team- Here is *another* survey, asking for your help to inform policy makers of our concerns about regulation of open source. It is fairly different from the one Romain shared from the Linux Foundation, in that it is specifically concerned about impacts to the DNS. This was already shared with the DNS working group, but we are cross-posting to open source as well. Some of you use open source DNS implementations every day. Please take a few minutes to share any positive or negative impacts of regulation you anticipate on the infrastructure you support. https://ec.europa.eu/eusurvey/runner/SSAC-open-source-software-in-DNS-and-registration-infrastructure Thank you! Vicky ---- ICANN's Security and Stability Advisory Committee [1] is attempting to document the operational reliance on Free and Open Source Software (FOSS) in the Internet’s domain name infrastructure to inform policy discussions regarding the security of software and critical infrastructure. Our work aims aim to clear up misinformed assumptions by regulators and policy makers that may threaten the FOSS development and supply model, impacting operators of the Internet’s domain and routing systems. Our report will be published on the ICANN website [2], with a target publication date in June. The survey will be closed for new submissions at the end of February. [1] https://www.icann.org/en/ssac [2] https://www.icann.org/en/ssac/publications # What is SSAC? The Security and Stability Advisory Committee advises the ICANN community and ICANN Board on security and integrity matters related to Internet naming and address systems. We perform ongoing threat assessment and risk analysis to assess principal threats to stability and security of these systems. SSAC publications are available from https://www.icann.org/en/ssac/publications # Anonymous? We use the European Commission's EUsurvey tool, configured not to log IP addresses or other information with the potential to identify you. Your (anonymous) comments may be reprinted as entered in the report, if there is personally identifying information / personal data included in your comments, we will edit that from your remarks. -- Vicky Risk Product Manager, ISC.org
On Jan 22, 2025, at 6:12 AM, Romain Bosc <rbosc@ripe.net> wrote:
Colleagues,
Something I spotted that could be of interest to this group:
FYI, the Open Source Security Foundation, LF Europe, and LF Research are fielding a survey to measure awareness about the recently adopted EU Cyber Resilience Act on a worldwide scale. The survey should take between 5 and 10 minutes, and closes at the end of this week with the goal being to publish the survey data and related report by mid-March.
Link: https://www.research.net/r/MR35RMF
All best Romain
-- Romain Bosc Sr Public Policy & Governance Officer RIPE NCC E: rbosc@ripe.net <mailto:rbosc@ripe.net>----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/opensource-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
OS working group, Back in January I posted here, asking people to fill out a survey about regulation and software. I was asked to share the survey for the purpose of the following report, published yesterday by ICANN, "SAC132 - The Domain Name System Runs on Free and Open Source Software (FOSS).” The report is intended to serve as reference material for policy makers, or those advising policy makers on the importance of open source in the DNS system. I contributed to the writing of this report. The lack of data about open source usage was one of the bigger challenges. People who aren’t familiar with open source don’t realize you can’t just produce a list of users. Therefore, we had to make our case for the importance of open source based on its use in the Root server system and the larger country-code TLDs, where there was a small number of operators and we knew what software each was using. The survey some of you may have contributed to was summarized in Appendix C. The survey responses were overwhelmingly negative about software regulation, but it was felt that printing too many of them would merely antagonize regulators whose job is to regulate software. Mostly, the comments consistently expressed that regulation was unlikely to improve software security, and could cause other problems. Here is the report: https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee.... Feel free to share it with anyone who might be working on regulations aimed at open source software. Regards, Vicky Risk
On Jan 28, 2025, at 12:16 PM, Victoria Risk <vicky@isc.org> wrote:
OS wg team-
Here is *another* survey, asking for your help to inform policy makers of our concerns about regulation of open source. It is fairly different from the one Romain shared from the Linux Foundation, in that it is specifically concerned about impacts to the DNS. This was already shared with the DNS working group, but we are cross-posting to open source as well.
Some of you use open source DNS implementations every day. Please take a few minutes to share any positive or negative impacts of regulation you anticipate on the infrastructure you support.
https://ec.europa.eu/eusurvey/runner/SSAC-open-source-software-in-DNS-and-re...
Thank you!
Vicky
----
ICANN's Security and Stability Advisory Committee [1] is attempting to document the operational reliance on Free and Open Source Software (FOSS) in the Internet’s domain name infrastructure to inform policy discussions regarding the security of software and critical infrastructure.
Our work aims aim to clear up misinformed assumptions by regulators and policy makers that may threaten the FOSS development and supply model, impacting operators of the Internet’s domain and routing systems.
Our report will be published on the ICANN website [2], with a target publication date in June. The survey will be closed for new submissions at the end of February.
[1] https://www.icann.org/en/ssac [2] https://www.icann.org/en/ssac/publications
# What is SSAC? The Security and Stability Advisory Committee advises the ICANN community and ICANN Board on security and integrity matters related to Internet naming and address systems. We perform ongoing threat assessment and risk analysis to assess principal threats to stability and security of these systems. SSAC publications are available from https://www.icann.org/en/ssac/publications
# Anonymous? We use the European Commission's EUsurvey tool, configured not to log IP addresses or other information with the potential to identify you. Your (anonymous) comments may be reprinted as entered in the report, if there is personally identifying information / personal data included in your comments, we will edit that from your remarks.
-- Vicky Risk Product Manager, ISC.org
On Jan 22, 2025, at 6:12 AM, Romain Bosc <rbosc@ripe.net> wrote:
Colleagues,
Something I spotted that could be of interest to this group:
FYI, the Open Source Security Foundation, LF Europe, and LF Research are fielding a survey to measure awareness about the recently adopted EU Cyber Resilience Act on a worldwide scale. The survey should take between 5 and 10 minutes, and closes at the end of this week with the goal being to publish the survey data and related report by mid-March.
Link: https://www.research.net/r/MR35RMF
All best Romain
-- Romain Bosc Sr Public Policy & Governance Officer RIPE NCC E: rbosc@ripe.net <mailto:rbosc@ripe.net>----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/opensource-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
participants (2)
-
Romain Bosc -
Victoria Risk