Perl Toolchain Summit 2023 in Pictures

PTS2023 was held in Lyon, France this time, organized primarily by Philippe “BooK” Bruhat and Laurent Boivin.

This event wouldn’t be possible without its sponsors, Booking.com, Deriv, Grant Street Group, FastMail, cPanel, Perl Careers, MaxMind, Fastly Inc., Perl Maven, OpenCage, Perl Services, Oetiker+Partner, and Procura. Thank you!

All pictures in this gallery are ©2023, Salve J. Nilsen, CC-BY-NC-4.0. Please reach out to me on Mastodon if you consider using any of these in a commercial setting.

NIS2 and CRA – EU LAWS that may kill Open Source?

New EU laws are coming that will affect Open Source. Should we worry?

One is the NIS2 directive, which cares about the state of computer and software security in sectors that work on critical infrastructure. Another is the Cyber Resilience Act, which tries to improve the security landscape around network-connected devices.

Depending on how these two directives are implemented, and how companies and communities react, this may either lead to increased funding for badly needed efforts in resource-starved Open Source communities — or — motivate affected businesses to move in the direction of software mono-cultures and away from the culture of permission-less innovation that Open Source software developers have practiced for decades.

Of course, these laws aren’t finished yet. NIS2 has to be implemented in local law, and the CRA is (as of this writing) still a work in progress. While the situation may still change, I believe there are a couple of things Open Source communities can already do to prepare.

  • Ensure supply-chain security procedures are in place and all issues resolved.
  • Create easy-to-find-and-use documentation directed at business managers that are forced to be introduced to their new Open Source colleagues.
  • Clarify project adoption and takeover procedures so the ones with a bus-factor of zero get a chance to be revived.
  • and more…

I’ve summarized some of my thoughts on this in the presentation I gave at the Perl Toolchain Summit 2023 in Lyon, France, on April 27th 2023, embedded below. (Edit: The slides from this presentation can be found under the CPAN Security Group list of presentations.)

Presentation about NIS2 and CRA at PTS2023

As background and preparation for this talk, the Norwegian chapter of the Internet Society and I organized a fireside chat on April 22nd 2023.

In this conversation, we explored these laws (and others) from legal, security and Open Source perspectives. The panel consisted of Simon Phipps (Director of EU Policy at the Open Source Initiative), Kaspar Rosager Ludvigsen (Lawyer and PhD candidate, working on the Cyber Resilience Act), Hans-Petter Fjeld (Senior Security Analyst at Defendable), and myself (Community activist and organizer in the Perl and Raku communities).

ISOC Norway fireside chat with Simon Phipps, Kaspar Rosager Ludvigsen, Hans-Petter Fjeld and Salve J. Nilsen

This event was graciously funded with a grant from NUUG Foundation.

If you find these topics interesting, feel free to reach out to me on Mastodon!