This time we dive into the world of cloud technologies and take a close look at the opportunities and challenges they bring for insurance companies. The particular focus: current regulatory requirements such as DORA, Solvency II and the Cyber Resilience Act, which raise the industry's digital resilience and IT risk management to a new level. Our hosts Dominik Badarne and Herbert Jansky welcome two true cloud veterans: Achim Heidebrecht, whose decades of experience and pioneering work on cloud adoption in the insurance industry stand out in particular, and Adrian Wnek, who has been taking cloud projects, especially with AWS, to a new level since 2012 and enables companies to start in the cloud confidently and securely. Look forward to honest insights, personal experience from real transformation projects, anecdotes from the early days of cloud migration at Talangs, lessons learned on compliance and regulation, and a look at how companies can implement cloud solutions today at industrial scale and securely. We also look beyond the insurance sector, talk about innovations in other industries, and explain why the cloud in particular can help to meet regulatory requirements better. Sit back and join us on this exciting journey through the past, present and future of the cloud in the insurance sector!
Feel free to send us a message! Follow us on our LinkedIn company page for more updates. Our website: https://www.insurancemondaypodcast.de/ Would you like to be a guest on the Insurance Monday Podcast? Write to us at info@insurancemondaypodcast.de and we will get back to you promptly. This podcast is produced by dean productions. Thank you for listening to our podcast!
Podcast: Industrie neu gedacht - ein Tech-Podcast von Bosch Rexroth
Episode: Cyber Resilience Act (CRA) - no time to wait
Pub date: 2025-05-06
The CRA is keeping the industrial sector busy. We speak to two experts: Michael Langfinger and Sebastian Krauskopf. They both work for Bosch Rexroth and explain to us what machine builders need to look out for. More about the topic: https://www.boschrexroth.com/en/de/industries/hydrogen/ Do you already know the Rexroth blog? If you have any questions, please contact us: vertrieb@boschrexroth.de Produced by Bosch Rexroth AG, Sales Europe Centre, Susanne Noll. The podcast and artwork embedded on this page are from Bosch Rexroth AG, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Industrie neu gedacht - ein Tech-Podcast von Bosch Rexroth
Episode: Cyber Resilience Act (CRA) - no time to wait
Pub date: 2025-05-06
The CRA is keeping industry busy. We speak with two experts: Michael Langfinger and Sebastian Krauskopf. Both work for Bosch Rexroth and explain to us what machine builders need to pay attention to and how Bosch Rexroth supports them. Do you already know the Rexroth blog? If you have questions, feel free to contact: vertrieb@boschrexroth.de Produced by Bosch Rexroth AG, Sales Europe Centre, Susanne Noll.
It has been almost three years since we talked at length in de Technoloog about the state of affairs around the Internet of Things. We always talk about IoT with Wienke Giezeman, co-founder of The Things Industries, and that is the case in this episode too. Much has changed since our last conversation, for example the rise of generative AI. Where this technology hardly played a role three years ago, it is now impossible to imagine the world of connected devices without it. AI makes it possible to analyse IoT data faster and use it more directly, but it also brings risks, such as greater dependency, more complex security issues and, above all, unreliable equipment.

In terms of standards, Matter remains the magic word. This universal language for IoT devices was already mentioned three years ago, but has since struggled to really break through. That is remarkable, given the broad support from major parties such as Amazon, Samsung and Ikea. Yet full interoperability has not materialised. There are still protocols that want to keep their own position, and that makes it difficult to arrive at a single standard, while precisely that uniformity could help the whole market forward.

The European legislator is also stirring. The EU Data Act, which is expected to enter into force in September, obliges manufacturers to make data from IoT equipment accessible. That offers users opportunities to work with their own software or alternative solutions, but may also lead to fragmentation. At the same time, the Cyber Resilience Act brings a new obligation for manufacturers: better default security of their products. That sounds logical, but in practice would clash with the wish to keep systems open and modifiable. Especially with open-source solutions, the question is how that balance should be maintained.

Finally, we take a look at the future. How much smarter, more efficient or more sustainable has life with IoT really become by now? Is a 'smart' home really that much nicer? And where will we stand when we take stock again in a few years?
Guest: Wienke Giezeman. Video: YouTube. Hosts: Ben van der Burg & Daniël Mol. Editor: Daniël Mol.
www.iotusecase.com
#MASCHINENBAU #SECURITY #PENETRATIONTEST #IOT-PLATTFORM
In episode 165 of the IoT Use Case Podcast, host Ing. Madeleine Mickeleit speaks with Michael Buchenberg, Head of IT Security at XITASO, about securing connected products in industrial environments. Using a project with DMG MORI and the CELOS X platform as an example, the episode shows how penetration tests work in practice, which attack vectors matter in the IoT context, and how concepts such as DevSecOps and the Cyber Resilience Act influence the development of secure solutions.
Episode 165 at a glance:
(10:55) Challenges, potential and status quo: what the use case looks like in practice
(16:08) Solutions, offerings and services: a look at the technologies used
(22:02) Transferability, scaling and next steps: how you can use this use case
Podcast summary
How secure are my digital products in the field? Many manufacturers ask themselves this question, at the latest when it comes to connected machines, IoT platforms or customer portals. That is exactly what this episode with Michael Buchenberg, Head of IT Security at XITASO, is about.
Using a project with DMG MORI and the CELOS X platform as an example, it shows in practical terms how penetration tests help to identify real vulnerabilities early, for instance in machines, cloud connections or standard interfaces such as OPC UA or MQTT. Testing takes place under realistic conditions: directly at the machine on the shop floor.
Key challenges:
Legacy code that has grown over time (e.g. old PLC programs) and was not developed for connectivity
Lack of transparency about risks in the overall system, from the machine to the cloud
Missing vulnerability management in product development
End customers' concerns about handling sensitive production data
Solution approach: Alongside classic penetration testing, Michael talks about the DevSecOps approach, that is, considering security early in software and product development. The decisive point: those who identify potential vulnerabilities already in the architecture save effort and cost in later phases.
Regulatory relevance: With the Cyber Resilience Act and the NIS 2 Directive, security becomes mandatory. In future, manufacturers must actively search for vulnerabilities, provide updates and ensure security across the entire product lifecycle.
The episode delivers clear best practices and a reality check for everyone who develops or operates IoT solutions, particularly in machine and plant engineering, but also beyond.
Relevant episode links:
Madeleine (https://www.linkedin.com/in/madeleine-mickeleit/)
Michael (https://www.linkedin.com/in/michael-buchenberg/)
CELOS X platform (https://de.dmgmori.com/produkte/digitalisierung/celos-x)
Post-quantum cryptography (https://xitaso.com/projekte/amiquasy-migration-zu-post-quanten-kryptographie/)
Penetration tests of milling machines (https://xitaso.com/projekte/dmg-mori-penetration-test/?utm_source=iot.website&utm_medium=podcast&utm_campaign=iot.use.case)
Eddie Knight, OSPO lead at Sonatype, discusses how the EU Cyber Resilience Act can help improve your software project's security and at the same time slow down the alarming acceleration of software supply chain attacks. Read a transcript of this interview: https://bit.ly/3RDMPVX
On 11 December 2024 the Cyber Resilience Act entered into force. This EU regulation has a noble goal and aims to make software products in the EU more secure. Today we discuss with Sebastian what effects this new regulation will have on software development now and in the future. Sebastian has read the complete CRA several times to work out the topics relevant to our daily work in software development.
Hello out there at your receivers. In today's podcast episode, Sarah Fluchs is our guest. Sarah is Chief Technology Officer (CTO) at the consulting firm admeritia. The episode is once again about OT security. Boring? Far from it! In this episode Julius, Marcel and Sarah leave all the basics behind, go really deep into the topic of OT security standards, and pay particular attention to IEC62443. Are OT standards a curse or a blessing?
In this episode, open source legal expert Luis Villa breaks down what the EU's Cyber Resilience Act means for developers and businesses, exploring carve-outs for individual contributors and the complex relationship between security and sustainability. Luis provides practical guidance on navigating this evolving regulatory landscape while explaining why the CRA represents both a challenge and an opportunity for the open source ecosystem. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-CRA_luis_villa/
⬥GUEST⬥
Sarah Fluchs, CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

⬥EPISODE NOTES⬥
The European Commission's Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity, host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers.

A Broad Scope: More Than Just Industrial Automation
Unlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA's requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products.
The CRA also extends beyond just hardware—software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support.

What the CRA Requires
The CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to:
Ensure products are free from known, exploitable vulnerabilities at the time of release.
Implement security by design, considering cybersecurity from the earliest stages of product development.
Provide security patches for the product's defined lifecycle, with a minimum of five years unless justified otherwise.
Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks.
Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users.
Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change.

Compliance Challenges: No Detailed Checklist Yet
One of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA's security requirements span just one and a half pages. This ambiguity is intentional—it allows flexibility across different industries—but it also creates uncertainty.
To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products.

The Impact on Critical Infrastructure and Industrial Systems
While the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on.
Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains.

A Security Milestone: Holding Manufacturers Accountable
The CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU.
Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards.
For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy.

The Bottom Line
The Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency.
Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity.

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/
Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdf
A list of Sarah's blog posts to get your CRA knowledge up to speed:
1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd73
2️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c
3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d209
4️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd8900
5️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52
Since its publication, the CRA has been decried by free software experts as an existential threat to the European sector. And it is now settled: in reaction to this text, 10 free software projects have decided to leave the EU. Jean-Paul Smets, CEO of rapid.space, explains this exceptional verdict.
SMART TECH - The daily innovation magazine. In SMART TECH, digital and innovation news takes on its full meaning. Every day, specialists decode the news, the trends and the issues raised by the adoption of new technologies.
Our digital world is increasingly interconnected, and with that the risk of cyber attacks threatening personal data, essential services and critical infrastructure also grows. In a landscape where security is not an option but a necessity, companies must find new tools and approaches, such as bug bounty, to protect their systems and ensure the trust of those who use them. To understand how to face these challenges and which strategies can really make the difference, we invited Luca Manara, CEO of UNGUESS. In the news section we talk about a new record for nuclear fusion set by the WEST tokamak reactor and finally about Microsoft, which has presented its revolutionary quantum chip.
--Index--
00:00 - Introduction
01:39 - A new record for nuclear fusion (HDBlog.it, Matteo Gallo)
02:38 - Microsoft presents its quantum chip (DDay.it, Luca Martinelli)
04:22 - UNGUESS: preventing cyber attacks with bug bounty (Luca Manara, Davide Fasoli, Luca Martinelli)
34:48 - Conclusion
--Contacts--
• www.dentrolatecnologia.it
• Instagram (@dentrolatecnologia)
• Telegram (@dentrolatecnologia)
• YouTube (@dentrolatecnologia)
• redazione@dentrolatecnologia.it
--Images--
• Cover photo: Freepik
--Tracks--
• Ecstasy by Rabbit Theft
• Ride or Die by Andromedik & Pirapus (ft. Indy Skies)
Smart toasters, PC games, microprocessors and antivirus programs: the Cyber Resilience Act (CRA), which entered into force on 12 December 2024, applies to all of these product types. In this episode we take a close look at the new EU regulation, which holds manufacturers and retailers accountable for IT security and is intended to strengthen the resilience of digital products in the long term. What does that mean in concrete terms, and how can companies prepare early for the new requirements? Our BSI expert Anna Schwendicke examines the effects of the CRA on IT manufacturers as well as on retailers and consumers, and explains how companies can meet the new requirements.
Dick Brooks from Business Cyber Guardian discusses the landscape of federal software security requirements. We discuss frameworks like CISA's Software Acquisition Guide, the Secure Software Development Framework, and the EU's Cyber Resilience Act. These regulations impact open source projects differently from commercial vendors, and Dick helps explain what that means for the vendors as well as open source developers. The accompanying blog can be found at https://opensourcesecurity.io/2025/01-government_security_requirements_with_dick_brooks
Links: CISA Software Acquisition Guide; CISA SAG Reader Project; NASA SSDF collaboration
On 10 October 2024 the EU adopted the Cyber Resilience Act. This regulation serves to increase the cybersecurity of products with a digital component in order to better protect consumers and companies. What is in store for companies? Sandro Müller and Andreas Wisler discuss this in the current episode.
The State of Cybersecurity in the European Union
Cyber threats know no borders, and in the European Union, harmonizing cybersecurity efforts across 27 member states is no small feat. In this episode of Threat Talks, host Lieuwe Jan Koning speaks with Hans de Vries, Chief Cybersecurity and Operational Officer at ENISA, about the critical work being done to secure Europe's digital future.
This is episode 121 of Licht op Legal. In this episode Michael Reker, lawyer in Information Technology & Privacy at Van Benthem & Keulen, discusses the Cyber Resilience Act. The Cyber Resilience Act (CRA for short) was introduced to increase the security of hardware and software products in the EU and thereby limit the impact of security incidents (think of cases such as the Ripple20 exploit or the Crowdstrike update). From December 2027 the main objectives of the CRA lead to stricter product security requirements and a mandatory CE marking for all products with digital elements (hardware and software). In this episode Michael explains which products the Cyber Resilience Act applies to and what the most important obligations are that it imposes on, for example, manufacturers, importers and distributors of these products. Michael then explains what the CE marking obligation means in concrete terms and what companies must do for it, and goes into the consequences of not meeting the requirements of the Cyber Resilience Act. Michael closes the podcast with tips for companies preparing for the arrival of the Cyber Resilience Act. Would you like to know more about the Cyber Resilience Act? Then contact Michael Reker. Do you have suggestions for a topic, or would you like our experts to shed their light on your legal question? Send an email to lichtoplegal@vbk.nl. You can listen to Licht op Legal via our website, Spotify, Apple Podcasts or your own favourite podcast app. This is a podcast by Van Benthem & Keulen. You can find us at: vbk.nl, LinkedIn, Twitter, Facebook, Instagram.
How are businesses preparing for the evolving threats and challenges in the world of cybersecurity? In today's episode of Tech Talks Daily, I'm joined by Dominik Samociuk, Head of Security at Future Processing, a technology consultancy and software delivery partner with over two decades of experience. Together, we explore the current state of cybersecurity and dive into predictions for 2025, focusing on emerging threats, regulatory changes, and the critical importance of cyber resilience. Dominik shares insights into the rise of AI-driven attacks, including deepfakes and automated phishing campaigns, which are increasing in sophistication and volume. These threats are forcing organizations to rethink their strategies, moving beyond prevention to comprehensive approaches that include detection, response, and recovery. We also discuss how businesses can strengthen their defenses through zero-trust architecture, third-party risk management, and enhanced employee training—especially as the human factor remains one of the most vulnerable aspects of cybersecurity. Regulatory changes, such as the NIS2 Directive, DORA, and the upcoming Cyber Resilience Act, are also driving a shift in how organizations approach security. Dominik explains how businesses can align with these evolving requirements by conducting regular gap analyses, automating compliance processes, and leveraging frameworks like ISO 27001 and NIST. Data privacy in the era of AI is another key focus of our discussion. Dominik outlines the steps businesses must take to classify and protect sensitive data, ensure transparency with stakeholders, and build robust incident response plans. Additionally, we delve into the importance of embedding security practices throughout the development lifecycle and the role of open-source intelligence in identifying vulnerabilities and emerging threats. 
Whether you're looking to stay ahead of cyber threats or understand how regulatory changes will impact your organization, this episode provides actionable insights to navigate the complexities of modern cybersecurity. How is your business preparing for the future of cyber resilience? Join the conversation and share your thoughts!
In addition, the new Directive (EU) 2024/2853 of the European Parliament and of the Council on liability for damage caused by defective products, an article on risk management in Artificial Intelligence, the changes for newly licensed drivers in the new Highway Code and the so-called Justice Decree with urgent amendments in the area of criminal justice. >> Read the article as well: https://tinyurl.com/5fx7h9c9 >> Discover all Altalex podcasts: https://bit.ly/2NpEc3w
Nearly five years have passed since Mattias and Erik talked about strange attacks, that is, peculiar incidents and unusual methods. It is simply time for a new round! Why not start with keyboard hijacking and Bluesnarfing: what they mean and how one breaks in through radio communication and eavesdrops on a keyboard. Then on to North America for a closer look at a casino and a dive into its aquarium. Yes, even these can be hacked! This and a good deal more in this episode, which also covers what types of IoT exist and what the Cyber Resilience Act can contribute with regard to these unusual attacks. And then also perhaps the most immoral attack ever, which ended in a long prison sentence!
www.iotusecase.com #DEVICEMANAGEMENT #ZERTIFIKATE #SECURITY In this episode you will learn how companies can protect their IIoT devices against cyberattacks through efficient device management and security certificates, and avoid expensive manual processes. Gerald Richter (ECOS Technology) and Sebastian Fischer (conplement AG) share practical solutions for minimising security risks and increasing the efficiency of connected devices in industry. Episode 147 at a glance (and click): (12:12) Challenges, potential and status quo: what the use case looks like in practice (30:29) Solutions, offerings and services: a look at the technologies used. Summary of the podcast episode: This episode discusses the challenges and solutions in device management and security for IIoT devices. Gerald Richter, managing director of ECOS Technology, and Sebastian Fischer, product manager for device management at conplement AG, explain how companies can manage and secure their IoT devices efficiently. The experts share their experience from projects and show how security certificates, automated updates and secure device management help to minimise risks such as cyberattacks and tampering. Use cases are presented that show how companies can save time and money by avoiding manual processes while ensuring the security of their connected devices. A central topic is the challenge of updating devices across their entire lifecycle and meeting compliance requirements. This is a critical point especially for regulated sectors such as medical technology. Finally, the guests go into the specific technologies that were used and give insights into successful projects and future developments in IIoT and security solutions.
----- Relevant episode links: Madeleine (https://www.linkedin.com/in/madeleine-mickeleit/) Gerald (https://www.linkedin.com/in/gerald-richter-8259bb235/) Sebastian (https://www.linkedin.com/in/seb-fischer/) Open Industry 4.0 Alliance (https://openindustry4.com/) Cyber Resilience Act (https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Cyber_Resilience_Act/cyber_resilience_act_node.html) NIS2 (https://www.bsi.bund.de/DE/Das-BSI/Auftrag/Gesetze-und-Verordnungen/NIS-Richtlinien/nis-richtlinie_node.html)
This week we're talking to Matthew Hodgson, one of the founders of Matrix - a network for secure, decentralised communication, and CEO/CTO of Element - a communications platform built using Matrix, about the regulatory environment Matrix lives in, the difficulty of and the passion for interoperable communications at Matrix, and the complications of building an encrypted communications platform both technically and in this day and age. Links for description:
- Matrix: https://matrix.org/
- Element: https://element.io/
- Telegram's encryption: https://www.wired.com/story/telegram-encryption-end-to-end-features/
- Blah: https://www.vanillaplus.com/2014/05/22/2663-tim-brasil-deploys-amdocs-unified-communications-for-blah-service/
- Anatel Brazil WhatsApp arrest: https://www.reuters.com/article/technology/facebook-exec-jailed-in-brazil-as-court-seeks-whatsapp-data-idUSKCN0W34WA/
- European Commission 42-point going dark plan: https://www.patrick-breyer.de/en/first-insight-42-key-points-of-the-secret-eugoingdark-surveillance-plan-for-the-new-eu-commission
- Clipper chip: Listen to our podcast - https://privacyinternational.org/video/5332/cryptowars-short-history-encryption-politics
- Online Safety Act: https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer
- Liberty on the Online Safety Act: https://www.libertyhumanrights.org.uk/wp-content/uploads/2022/04/Joint-civil-society-briefing-on-private-messaging-in-the-Online-Safety-Bill-for-Second-Reading-in-the-House-of-Lords-January-2023.pdf
- Adam Langley: https://www.imperialviolet.org/
- Pond.org: https://medium.com/@undercomm/secure-communication-pond-4985bfe85a2c
- 'We kill people based on metadata': https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata
- PI and ICRC report: https://privacyinternational.org/report/2509/humanitarian-metadata-problem-doing-no-harm-digital-era
- Matrix P2P tracker: https://arewep2pyet.com/
- Alec Muffett v Matthew Hodgson: https://www.theverge.com/2022/3/28/23000148/eu-dma-damage-whatsapp-encryption-privacy
- PI's take on the Digital Markets Act: https://privacyinternational.org/long-read/5356/what-digital-markets-act-and-what-does-it-mean-our-privacy-and-wider-rights
- Apple enable RCS: https://www.theverge.com/2024/6/10/24171315/apple-messages-rcs-ios-18-imessage-green-bubble
- Chat Control: https://www.patrick-breyer.de/en/posts/chat-control/
- Cyber Resilience Act: https://privacyinternational.org/advocacy/5060/our-position-eu-cyber-resilience-act-cra
www.iotusecase.com #GRID #KRITIS #STANDARDS This practice-oriented episode of the IoT Use Case Podcast is about the challenges and solutions in critical infrastructure, in particular for energy management and grid security. The guests, Dr. André Egners of Landis+Gyr and Oliver Kleindienst of Rhebo, examine the importance of standards and cybersecurity measures for the energy grid of the future. Episode 145 at a glance (and click): (07:55) Challenges, potential and status quo: what the use case looks like in practice (23:17) Results, business models and best practices: how success is measured (29:48) Transferability, scaling and next steps: how you can use this use case. Summary of the podcast episode: A central topic is the need for a comprehensive security strategy that goes beyond "secure by design" approaches and also includes attack detection and anomaly monitoring. The episode explains how Rhebo monitors OT communication using deep packet inspection in order to identify and prevent unusual activity at an early stage. Another focus is on regulatory requirements such as the Cyber Resilience Act, which confronts companies with the challenge of implementing cybersecurity effectively without sinking into bureaucratic overhead. The importance of standardised communication, for example via DLMS for smart metering, is highlighted as a way to ensure uniform and secure grid communication. The guests discuss concrete use cases, including the deployment of smart meters in Israel, and stress the importance of end-to-end security solutions that reach from the control room to the edge devices.
Continuous monitoring and analysis of industrial networks is crucial both for meeting legal requirements and for securing ROI. ----- Relevant episode links: Madeleine (https://www.linkedin.com/in/madeleine-mickeleit/) Oliver (https://www.linkedin.com/in/oliver-kleindienst/) André (https://www.linkedin.com/in/dregners/)
A Colorado health system's patient portal has been compromised. Malicious uploads to open-source repositories surge over the past year. Octo2 malware targets Android devices. A critical vulnerability in Veeam Backup & Replication software is being exploited. The U.S. and U.K. team up for kids online safety. The European Council adopts the Cyber Resilience Act. New York State adopts new cyber regulations for hospitals. The FBI created its own cryptocurrency to help thwart fraudsters. Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Getting dumped via AI. Selected Reading Cyberattack targets healthcare nonprofit overseeing 13 Colorado facilities (The Record) Malicious packages in open-source repositories are surging (CyberScoop) Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices (HackRead) Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (Cybersecuritynews) Britain, US set up working group to improve children's online safety (Reuters) European Council Adopts Cyber Resilience Act (BankInfoSecurity) New York State Enacts New Cyber Requirements for Hospitals (BankInfoSecurity) FBI created a crypto token so it could watch it being abused (The Register) Man learns he's being dumped via “dystopian” AI summary of texts (Ars Technica)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
News includes the archiving of the “Phoenix Sync” project, a major update to Gettext that enhances compilation efficiency, the release of ErrorTracker v0.2.6 with new features like error pruning and ignoring, and José Valim highlighting UX issues with ChatGPT's new UI. We were also joined by Alistair Woodman, a board member of the EEF (Erlang Ecosystem Foundation), who explained the EEF's recent efforts to stay ahead of legislation and technical regulatory shifts that may impact developers soon. Alistair discussed the changing regulatory landscape in the US and the EU due to high-profile exploits, outages, and nation-state supply chain attacks. We learned how the EEF supports Elixir and BEAM developers and what they need from the community now, and more!
Show Notes online - http://podcast.thinkingelixir.com/220
Elixir Community News
- https://github.com/josevalim/sync – The "Phoenix Sync" project has been archived with no immediate explanation yet.
- https://github.com/elixir-gettext/gettext/blob/main/CHANGELOG.md#v0260 – Gettext has a big update to version 0.26.0 which includes a more efficient compilation.
- https://github.com/elixir-cldr/cldr – Gettext feels similar to how ExCldr allows defining a custom backend.
- https://elixirstatus.com/p/TvydI-errortracker-v026-has-been-released – ErrorTracker v0.2.6 has been released with key improvements like a global error tracking disable flag, automatic resolved error pruning, and error ignorer.
- https://github.com/mimiquate/tower – Tower is a flexible error tracker for Elixir applications that listens for errors and reports them to configured reporters like email, Rollbar, or Slack.
- https://x.com/josevalim/status/1832509464240374127 – José highlighted some UX issues with ChatGPT's new UI, mentioning struggles with concurrent updates.
- https://x.com/josevalim/status/1833176754090897665 – José postponed publishing a video on optimistic updates with LiveView due to an Apple announcement.
- https://github.com/wojtekmach/mix_install_examples – A new WebRTC example was added to the "Mix Install Examples" project.
- https://github.com/wojtekmach/mix_install_examples/pull/42 – The WebRTC example shows how to use the ex_webrtc Elixir package in a small script, compatible with Mix.install/2.
- https://github.com/elixir-webrtc/ex_webrtc – The Elixir package used for the WebRTC example.
- https://x.com/taylorotwell/status/1831668872732180697 – Laravel raised a $57M Series A in partnership with Accel, likely related to their Laravel Cloud hosting platform.
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com
Discussion Resources
- https://en.wikipedia.org/wiki/Cyber_Resilience_Act
- https://news.apache.org/foundation/entry/open-source-community-unites-to-build-cra-compliant-cybersecurity-processes
- https://www.cisa.gov/sites/default/files/2024-05/CISA%20Secure%20by%20Design%20Pledge_508c.pdf
- https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf
- https://www.infoworld.com/article/2336216/white-house-urges-developers-to-dump-c-and-c.html
- https://en.m.wikipedia.org/wiki/CE_marking
- https://www.cisco.com/c/en/us/services/acquisitions/tail-f.html
- https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
- https://www.nist.gov/
- https://en.wikipedia.org/wiki/XZ_Utils_backdoor
- https://en.wikipedia.org/wiki/Log4j
- https://en.wikipedia.org/wiki/Heartbleed
- https://en.wikipedia.org/wiki/2024_CrowdStrike_incident
- https://news.stanford.edu/stories/2024/06/stanfords-deborah-sivas-on-scotus-loper-decision-overturning-chevrons-40-years-of-precedent-and-its-impact-on-environmental-law
- https://openssf.org/
- https://www.fcc.gov/broadbandlabels
- https://www.cve.org/
- https://erlef.org/wg/security
Guest Information
- https://www.linkedin.com/in/alistair-woodman-51934433 – Alistair Woodman on LinkedIn
- awoodman@erlef.org
- http://erlef.org/ – Erlang Ecosystem Foundation Website
Find us online
- Message the show - @ThinkingElixir (https://twitter.com/ThinkingElixir)
- Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir)
- Email the show - show@thinkingelixir.com
- Mark Ericksen - @brainlid (https://twitter.com/brainlid)
- Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid)
- David Bernheisel - @bernheisel (https://twitter.com/bernheisel)
- David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)
Podcast: We talk IoT – The Internet of Things Business Podcast
Episode: We talk IoT: Securing the Future: Understanding the Cyber Resilience Act - Episode 55
Pub date: 2024-09-05
We have an exciting and crucial topic: the Cyber Resilience Act. With us are two guests who are experts in their fields: Guillaume Crinon, Director of IoT Business Strategy at Keyfactor, and Romain Tesniere, Business Development Manager at Avnet Silica. Guillaume and Romain bring a wealth of knowledge and experience in IoT security and business strategy, making them the perfect guides to help us navigate this important legislation. The Cyber Resilience Act aims to enhance the security of connected devices, but what does that mean for businesses, developers, and end-users? We'll explore the benefits, challenges, and impacts of this Act and practical steps for ensuring IoT security. #iot #security #cra #wetalkiot Summary of this week's episode: 01:42 Understanding the Cyber Resilience Act 02:04 Keyfactor's Role in IoT Security 03:37 Avnet Silica's Approach to Security 05:19 Exploring the Cyber Resilience Act 10:42 Challenges and Risk Assessments 19:05 Practical Implementations and Examples 23:15 Collaboration and Future Prospects 24:44 Balancing Innovation and Security Show notes: Guillaume Crinon: https://www.linkedin.com/in/guillaumecrinon/ Romain Tesniere: https://www.linkedin.com/in/romain-tesniere-26698b80/ About Keyfactor: https://www.keyfactor.com Deep dive into the Cyber Resilience Act: https://my.avnet.com/silica/solutions/iot/secure-device-management-provisioning/ https://www.keyfactor.com/resources/content/eight-steps-to-iot-security?lx=6IfNm7 https://www.brighttalk.com/webcast/17778/604186 About Avnet Silica: This podcast is brought to you by Avnet Silica—the Engineers of Evolution. You can connect with us on LinkedIn: https://www.linkedin.com/company/silica-an-avnet-company/.
Or find us at www.avnet-silica.com.
In episode #88, Julius and Marcel dive deep into the world of security at the BEUMER Group. The guest this time is Ibrahim Memis, Global Head of Cyber and Information Security at BEUMER. From distribution centres for parcels to baggage handling systems at airports: the BEUMER Group is a leading international manufacturer of intralogistics systems for conveying, loading, palletising, packaging, sorting and distribution. Founded in 1935, the company today has just under 5,600 employees worldwide in more than 70 countries. Globally, BEUMER generates annual revenue of around 1.2 billion euros. Together the three give an insight into the topic of product security. What needs to be considered in order to meet customers' rising requirements in the area of product security?
When the Cyber Resilience Act enters into force in 2027, the Software Bill of Materials (SBOM) becomes mandatory for companies. The SBOM is a detailed inventory of all the constituent parts of a software application and provides a complete overview of the components in use. The VDMA recommends that companies prepare early so that they can continue to sell digital products successfully. In the latest episode of the VDMA Industrie Podcast, Tobias Pfeiffer, Product Security Officer at Festo, talks about the opportunities and challenges of introducing an SBOM. Maximilian Moser, officer for Industrial Security, Product Security and OT Security at the VDMA, stresses the need to support small and medium-sized enterprises. The VDMA offers its member companies numerous services, in particular through the Industrial Security working group. Prepare in good time for the Cyber Resilience Act 2027 and use the advantages of the SBOM for your company! Production: New Media Art Pictures
Irish businesses continue to face challenges in complying with the General Data Protection Regulation (GDPR) six years on from its introduction, according to new research. The findings were presented by Forvis Mazars and McCann FitzGerald LLP in their latest joint survey, "GDPR and Digital Legislation: A Survey of the Impact and Effect on Organisations in Ireland". The research, which was conducted by Ipsos B&A, found that just 15% of businesses consider their organisation to be 'fully compliant' with the legislation, which is billed as the toughest privacy and security law in the world. A further 58% of respondents indicated their organisation was 'materially compliant', and 25% said their organisation was 'somewhat compliant'. In order to achieve their compliance targets, half of the businesses surveyed believe they need more resourcing, financial investments or further expertise in this space. The research also found that 82% of respondents believe the risks associated with GDPR non-compliance are increasing, with respondents citing 'reputational risk' as the most important factor in determining an organisation's data protection risk appetite, followed by 'fear of fines'. Eight in 10 (81%) of the businesses surveyed say they intend to improve their compliance status. This is the eighth edition of the Forvis Mazars and McCann FitzGerald LLP annual survey on the impact of GDPR on organisations in Ireland. As well as examining the latest perceptions among Irish businesses regarding GDPR compliance, the report also assesses awareness and readiness for a wave of new legislative developments from the European Union in response to rapid technological changes. 
Findings show that 60% of those surveyed are concerned about the impact of new digital legislation on their organisation, which includes DORA (the Digital Operational Resilience Act), the AI Act, the Data Act, the Data Governance Act, the Digital Services Act, the Online Safety and Media Regulation Act, the Digital Markets Act, the Network and Information Security Directive 2 (NIS2) and the Cyber Resilience Act. There is also a high degree of uncertainty regarding the new legislation with many respondents being unsure of their applicability to their business, which suggests further education and awareness is required within organisations. Key Findings: 82% of respondents agree that the risks associated with GDPR non-compliance are increasing, up from 70% in last year's survey. 81% of respondents intend on improving their compliance status. 59% of respondents are concerned about the prospect of being fined for GDPR non-compliance, compared to 58% in last year's survey. 47% of respondents agree that working to comply with GDPR has delivered many benefits for their organisation, up from 34% last year. Over half of the respondents (52%) say that the CEO of their organisation is strongly engaged in GDPR compliance and data privacy, compared to 50% in 2023. Six out of 10 respondents are concerned about upcoming digital legislation. 63% of respondents indicated that the AI Act will apply to their organisation. Liam McKenna, Partner in Consulting Services at Forvis Mazars, said: "This survey underscores the essential need for organisations to remain up to date with both current and forthcoming regulations in the digital space. Irish businesses must diligently maintain their compliance initiatives, particularly amid the significant financial and reputational risks at stake. 
"Although GDPR regulations were implemented in 2018, that only 15% of Irish companies are fully compliant is a concern for Irish business, particularly in light of further digital legislation coming down the tracks including the Digital Operational Resilience Act (DORA), AI Act, Data Act, and Digital Services Act, among others. Irish companies therefore need to urgently focus on GDPR adherence, while actively gearing up for new legislative requirements." Paul Lavery, Partner at McCann FitzGerald LLP, added: "The...
How does cybersecurity work in a manufacturing company? David Kreft, CISO and Head of Corporate Security & Data Protection at WAGO, shares his experience with Niklas and gives insights into security awareness training. They discuss the challenges of digitalisation, the role of artificial intelligence and the importance of cybersecurity education. They also examine current EU regulations such as the NIS-2 Directive and the Cyber Resilience Act and their effects on companies. If you don't want to miss this, listen to the latest episode of the Human Firewall Podcast now!
Our new episode of the Wolf Theiss Soundshot Podcast is the sixth one in our "Digital Law" series. In this episode, Roland Marko and Lisa Bernsteiner discuss the EU's new cybersecurity framework and examine the latest legal acts designed to enhance protection against the increasing number and sophistication of cyberattacks across EU countries. This includes the NIS2 Directive, which establishes a stricter framework with comprehensive compliance and reporting obligations for a much broader range of companies, including those within the supply chain. Our experts also discuss the Critical Entities Resilience (CER) Directive, aimed at ensuring the maintenance of vital societal functions and economic activities, the Digital Operational Resilience Act (DORA), which focuses on managing ICT risks in the financial services sector, the Cyber Resilience Act and other EU acts containing cybersecurity provisions, such as the Machinery Regulation, the Data Act and the AI Act. Tune in to learn more about the EU's approach to tackling cyber threats, how it may impact your organisation, and how to start preparing for these new comprehensive compliance requirements. Listen to the new podcast episode on our website, Spotify, Apple Podcasts, Google Podcasts or Amazon Music under “Wolf Theiss Soundshot”. If you have any questions, please do not hesitate to contact us at soundshot@wolftheiss.com.
Björn Sjöholm (Seadot) spoke about the Cyber Resilience Act during a FOKUS evening at SIG Security. This episode is based on that very presentation. The Cyber Resilience Act (CRA): what is it, really? The upcoming EU rules in the CRA are meant to protect consumers' security with respect to digital products. But what does this mean for companies and suppliers? Security requirements on products, services and organisations are increasing, and CRA and NIS2 are two of the most important. What difference does it make when an organisation has to comply with requirements on products versus requirements on the organisation? We sort out what challenges we face and what the differences are. And what does it mean in practice for us as consumers? For example, if you buy a connected refrigerator, what requirements does the CRA place on manufacturers, and what should you as a consumer look for?
On 9 June 2024 the European election takes place in Germany. It is an important event for the digital industry too, because a large share of the decisions relevant to it are now taken at EU level. In the last five years in particular, many significant laws have been set in motion here. They include, among others, the only recently adopted AI Act, the Data Act, the Digital Services Act, the Cyber Resilience Act, and the eIDAS and CSAM regulations. This episode of “Das Ohr am Netz”, presented by Table.Europe, takes the upcoming election as an occasion to review the past legislative term. Sidonie and Sven talk with politicians and representatives of the digital industry about the significance of the European single market for Germany as a digital location, what has been achieved in the last five years through the von der Leyen Commission's digitalisation agenda, and where adjustments will be needed in future. With Werner Stengg, expert in the cabinet of Margrethe Vestager, EU Commissioner for Digitalisation, Sidonie talks about the Digital Decade proclaimed by the EU Commission, which steps are decisive for implementing the strategy, and what the outgoing Commission has already done to make Europe fit for a digital future. In conversation with Sven, eco chairman of the board Oliver Süme explains what the legal framework created at EU level means for the industry and why a coming Commission should focus less on passing further laws than on supporting European companies in implementing the requirements. Sergey Lagodinsky, Member of the European Parliament and second lead candidate of the Greens, makes clear in conversation with Sidonie which European digital policy his party stands for and why Europe must now take on a new role in order to advance digitalisation and AI made in Europe.
Enjoy listening! Further information: eco topic platform EU Wahl digital 24; eco-Wahlcheck; eco on the member states' vote on the AI Act; eco survey on the occasion of the 75th anniversary of the Basic Law; Event: Security Insights Berlin 2024 with co-host IONOS; Table.Media event: Europe after the fateful election; link to the Wahl-O-Mat for the 2024 EU election ----------- Editorial team: Christin Müller, Laura Rodenbeck, Anja Wittenburg, Melanie Ludewig Editing: David Grassinger Hosts: Sidonie Krug, Sven Oswald Production: eco – Verband der Internetwirtschaft e.V.
The threat from cyberattacks is rising rapidly. According to Bitkom, attacks on German companies cause damage of more than 200 billion euros every year. How can companies protect themselves? What role do legal regulations such as NIS-2 and the Cyber Resilience Act play? Dr. Lutz Jänicke, Corporate Product & Solution Security Officer at Phoenix Contact, explains in conversation with Christina Jahnich how companies can strengthen their cyber defence. He also sheds light on the central importance of cybersecurity for the All Electric Society.
In this episode, we talk to Steve Orrin, Chief Technology Officer and Senior PE at Intel Federal, about his unique journey from biology to cybersecurity leadership. We discuss the main challenges faced by federal bodies in the cybersecurity landscape and how they differ across industries like Aerospace, Education, and Healthcare. Steve shares valuable insights on product cybersecurity, emphasizing the growing interest from governments worldwide, as seen in regulations like the FDA Premarket Guidance and the Cyber Resilience Act. He offers advice to vendors, suppliers, and users on navigating this evolving regulatory landscape.
Philipp Schulte, CEO of Giesecke+Devrient Mobile Security, pioneers connectivity and IoT innovation. His corporate strategy expertise, coupled with CFO experience, drives his passion for innovation. With a background in management consulting and academia, he brings a strategic vision to the forefront. On The Menu: 1. IoT provides secure technology for critical infrastructures, ensuring reliable data transmission and security benefits. 2. Investments in transportation, logistics, and tracking solutions optimize supply chains and enhance environmental control. 3. Efficiency and waste reduction, such as eliminating plastic SIM cards, lead to CO2 footprint advantages. 4. Reducing complexity and ensuring interoperability are crucial for IoT's full growth potential. 5. Importance of balancing regulatory changes like the AI Act and Cyber Resilience Act to foster a healthy IoT ecosystem. 6. Security is built into all layers, including chips, operating systems, encryption technology, and data management.
Cracking the code for cybersecurity, interview from the Rail Cybersecurity UK EU 10th annual conference, with Johannes Emmelheinz, CEO Siemens Mobility Customer Services. Legislation such as NIS2, the Cyber Resilience Act and other national cyber regulation requires cybersecurity to be sustained actively by the rail industry. This challenge must be managed by suppliers, integrators and operators jointly, with automated, coordinated work processes which are supported by tools adapted to the assets. The presentation will provide an overview of Siemens Mobility's comprehensive approach to increase the resilience of its customers, presented through practical examples such as cloud security, vulnerability monitoring and management with decision support for the operators, security monitoring and incident response.
In this episode of The IoT Podcast, we continue the IoT security conversation with Shahram Mossayebi - Founder & CEO at Crypto Quantique, who breaks down the implications of the recently passed EU's Cyber Resilience Act for manufacturers and businesses and why traditional security approaches just won't cut it. We dive into why security isn't just an expense—it's an investment in the ongoing battle against cyber threats and the changing mindset to this. We also lens in on how even the most seemingly harmless devices like a fish tank thermometer can become a cybercriminal's gateway and how quantum-resistant cryptography can offer future-proof solutions for unbreakable encryption. Chapters... 00:00 Introduction and Background 03:03 The Importance of IoT Security 08:11 Crypto Quantique's Approach to IoT Security 14:00 The EU Cyber Resilience Act 27:20 IoT Security Regulations 28:01 Challenges of Selling IoT Security 29:08 Accountability for IoT Security 30:22 Paradigm Shift in Security Consciousness 31:19 Enforcement of IoT Security Regulations 32:26 Quantum Security and CryptoQuantique 33:47 Advantages and Integration of Quantum Security 36:36 Post-Quantum Cryptography 38:13 Quantum Randomness and Root of Trust 43:17 Working with the Open Source Community 48:54 Challenges in Recruitment 52:06 Gadget You Can't Live Without 53:29 Passion for Problem Solving And much more! ABOUT THE GUEST Shahram Mossayebi, Founder and CEO of Crypto Quantique, is dedicated to revolutionising IoT security. With a background in physics and cryptography, combined with years in cybersecurity, Shahram founded Crypto Quantique to offer a holistic, user-friendly solution. Their groundbreaking approach integrates physics advancements into low-cost devices and intuitive software, ensuring robust security for IoT applications.
Connect with Shahram: https://www.linkedin.com/in/mossayebi/ ABOUT CRYPTO QUANTIQUE Crypto Quantique pioneers transformative solutions in IoT security. Committed to revolutionising the landscape of cybersecurity, Crypto Quantique combines cutting-edge advancements in physics and cryptography with intuitive software to deliver robust, scalable security solutions for the Internet of Things (IoT) ecosystem. By integrating groundbreaking physics innovations into cost-effective devices and user-friendly software, Crypto Quantique ensures comprehensive protection across diverse IoT applications, from connected cars to high-end consumer goods. Find out more about Crypto Quantique: https://www.cryptoquantique.com/
Guest: Ciarán O'Riordan. Panelist: Richard Littauer | Leslie Hawthorne. Show Notes: In this episode, host Richard Littauer and co-host Leslie Hawthorne engage with Ciarán O'Riordan, Senior Policy Advisor from Open Forum Europe (OFE), diving into the intricacies of the Cyber Resiliency Act (CRA) and its implications for the Free and Open Source Software (FOSS) community. Ciarán shares his journey from software development to policy advocacy, emphasizing the critical role of policy work in shaping the future of open source. He provides an in-depth analysis of the CRA, highlighting concerns about its initial draft, the involvement of the FOSS community in shaping its final form, and the potential challenges and opportunities it presents. The discussion also touches on other significant legislative developments in Europe, such as the Product Liability Directive and the AI Act, and their potential effects on open source software. Press download now to hear more! [00:01:25] Ciarán explains how he became a Senior Policy Advisor and his passion for policy work, tracing his journey from a software developer in Dublin to his 20-year career in Brussels focusing on policy advocacy, including his recent position at OFE. [00:06:08] Leslie asks Ciarán for a summary of the Cyber Resilience Act (CRA) and its specific implications for the free and open source software ecosystem. Ciarán contrasts the initial and final versions of the CRA, detailing the changes made, the lightened obligations for free and open source software, and the ongoing compliance challenges for commercial distributions. [00:11:02] Leslie inquires how software foundations responsible for producing commercialized software are impacted by the Cyber Resilience Act. Ciarán explains that the final version of the Act introduces a new category called “Open Source Stewards” for entities like software foundations, which have a reduced set of obligations without fines. 
He also mentions the timeline for the CRA, stating it will come into force around summertime 2027, after being officially signed. [00:16:09] Richard asks about the CRA's impact on individual non-European developers, like himself, who have repositories on platforms like GitHub or GitLab. Ciarán responds that the specifics of how the CRA will affect such developers will become clear once the standards are developed. [00:17:55] Ciarán clarifies that the role of software foundations is to provide services or procedures for compliance, which may vary across different foundations. [00:19:36] Richard wonders who benefits from this Act, and Ciarán discusses the justification for the CRA, which is cost-based, comparing the cybersecurity costs with compliance costs. [00:21:31] Leslie asks about the process of creating standards for CRA compliance and how average FOSS developers can influence these standards, and questions the best ways for FOSS developers to get involved in influencing the outcomes beneficial to the FOSS ecosystem. Ciarán notes that working on standards and policy is complex and compares it to contributing to software development on short notice. [00:26:07] Ciarán discusses OFE's multi-layered structure and the FOSS community list, which serves as a base for information sharing and connection. [00:27:24] Richard questions the impact of the CRA on individual developers with numerous dependencies in their projects. Ciarán reassures that there is no immediate cause for panic as the CRA will not come into force until summer 2027 and many details will be clarified in the coming years. [00:28:39] Leslie shifts the discussion to the Product Liability Directive (PLD) and its relevance to the FOSS ecosystem, and Ciarán goes in depth about it. [00:33:36] Find out where you can learn more about Ciarán and OFE on the web. 
Quotes [00:04:58] “We'd love to have better cyber security, especially if it just falls from the sky.” [00:22:31] “Working on standards and policy in general is about as complex as working on software development.” [00:24:00] “In terms of getting involved, two important things: First is getting in contact with other people, and the second is the need to do some work on your own initiative without having been brought into some of these groups.” Spotlight [00:35:35] Leslie's spotlight is the Open Source in The European Legislative Landscape devroom. [00:35:59] Richard's spotlight is the book, “Better Living Through Birding.” [00:36:42] Ciarán's spotlight is two books: “Thy Neighbour's Wife” and “The Life Show.” Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials) Leslie Hawthorne LinkedIn (https://www.linkedin.com/in/lesliehawthorn/?originalSubdomain=de) Ciarán O'Riordan LinkedIn (https://www.linkedin.com/in/ciaranor/?originalSubdomain=be) Ciarán O'Riordan- Presentation of the Cyber Resilience Act (YouTube) (https://www.youtube.com/watch?v=DuQ-QBNezLg) OpenForum Europe (https://openforumeurope.org/) OpenForum Europe Events (https://openforumeurope.org/events/) OpenForum Europe Open Source (https://openforumeurope.org/open-source/) Open Source Policy Community List (https://groups.google.com/a/openforumeurope.org/g/foss-community) Sustain Podcast-Episode 125: Astor Nummelin Carlberg of OFE on the Economic Impact of Open Source (https://podcast.sustainoss.org/guests/carlberg) Product Liability Directive 1985 
(https://en.wikipedia.org/wiki/Product_Liability_Directive_1985) Open Source In The European Legislative Landscape devroom (https://fosdem.org/2024/schedule/track/eu-policy/) Better Living Through Birding: Notes From A Black Man In The Natural World by Christian Cooper (https://www.penguinrandomhouse.com/books/671722/better-living-through-birding-by-christian-cooper/) Thy Neighbour's Wife by Liam O'Flaherty (https://en.wikipedia.org/wiki/ThyNeighbour%27sWife) The Life Show by Chi Li (https://www.amazon.sg/Life-Show-Chi-Li/dp/7559421903) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Ciarán O'Riordan.
#CYBERSECURITY #FRAMEWORK #ELEKTROHÄNGEBAHN www.iotusecase.com SEW-EURODRIVE is the market leader in drive and automation technology. In this podcast we ask: how do they protect their products, for example electrified monorail systems ("Elektrohängebahnen"), against manipulation from outside? What are the possible dangers and damage for such devices and plants? And how can good risk analyses for products be carried out on the basis of data, and for which use cases? You will find out in podcast episode number 123 with ITK Engineering and SEW-EURODRIVE. Episode 123 at a glance (and click): [07:57] Challenges, potential and status quo: what the use case looks like in practice. [17:02] Solutions, offerings and services: a look at the technologies used. Summary of the podcast episode: Increasing digitalisation and networking in industry pose new challenges for cyber security, in particular through ransomware and industrial espionage. In this podcast episode, ITK Engineering and SEW-EURODRIVE talk about their joint cyber security project and their roles in it. The project covers the full range of the security engineering process, from risk analysis to penetration testing. The guests are the two experts Alexander Goerbing (Cyber Security Engineer, Tech Lead, ITK Engineering) and Stefan Schmitt (Chief Product Owner, SEW-EURODRIVE). Together they discuss how they collaborate within the MAXOLUTION® software framework to master the challenges of digitalisation and to protect industrial processes against industrial espionage and manipulation. They emphasise the importance of risk analysis, compliance with current standards, and the benefits of improved diagnosability in order to offer customers real added value.
This episode covers: the importance of preventive measures against industrial espionage and sabotage; the diagnosability of plants and the benefits of cross-system data analysis for customers; the analysis and protection of different data types and the classification of assets worth protecting; the use of attack trees and specialised tools such as CycurRISK for structured risk analysis; the importance of standards and regulations, including the EU Cyber Resilience Act, for product and process security; the continuous review and adaptation of the cyber security strategy in light of new requirements and developments. --- Relevant episode links: Alexander (https://www.linkedin.com/in/alexander-g%C3%B6rbing-a14942162/) Stefan (https://www.linkedin.com/in/stefan-schmitt-a01515211/) Madeleine (https://www.linkedin.com/in/madeleine-mickeleit/) Episode 111: https://iotusecase.com/de/podcast/oee-bestimmung-im-bosch-rexroth-werk-das-itk-transparency-toolkit-im-einsatz/
Welcome to IoT Coffee Talk #198 where we have a chat about all things IoT over a cup of coffee or two with some of the industry's leading business minds, thought leaders and technologists in a totally unscripted, organic format. Thanks for joining us. Sit back with a cup of Joe and enjoy the morning banter. This week, Bill, Pete, Rob, Andreea, Jan, Tom, Marc, Dimitri, and Leonard reporting from MWC 2024 jump on Web3 to talk about: * BAD KARAOKE: Leonard's hack job version of Chick Corea's "Spain" * Welcome to Mobile World Congress 2024 in Barcelona from the Ciena booth at Fira! * Marc's IoT Stars update! * How to grow your YouTube channel! Social media rubbernecking * IoT Stars is dead! Next year, Gen AI Stars! Be ready for it! * Meeting Ray Ozzie and hanging with Alistair Fulton and Blues * NTN - an extraterrestrial hype? * 5G is dead and should be resurrected,... FAST! * Private 5G networks - dead or alive? * AI, the savior once again? Or is it? * Bill's DistribuTech update - Electrification! * Are events back? Maybe 2024 will be a better year? * Jan's Industry 4.0 update on LoRaWAN * Security First is tragically a bad business model * Congrats ROB!!! Congrats Nick! Rob is going to be a grandpa,... eventually! * Cyber Resilience Act in the EU - Marc goes political and geopolitical! Answer, VPN!! It's a great episode. Grab an extraordinarily expensive latte at your local coffee shop and check out the whole thing. You will get all you need to survive another week in the world of IoT and greater tech! Thanks for listening to us! Watch episodes at http://iotcoffeetalk.com/. Your hosts include Leonard Lee, Stephanie Atkinson, Marc Pous, David Vasquez, Rob Tiffany, Bill Pugh, Rick Bullotta and special guests. We support Elevate Our Kids to bridge the digital divide by bringing K-12 computing devices and connectivity to support kids' education in under-resourced communities. Please donate.
Through a large number of legal acts, EU data economy law sets requirements for handling data, in particular for "sharing" (Data Act, Digital Governance Act, AI Act, etc.); in addition, further requirements are being created that, at least in part, require the processing of personal data (Digital Services Act, Cyber Resilience Act, DORA, etc.). This raises the question of the precedence of these more recent legal acts. Where the legislator has addressed this aspect, it has not "discussed to the end" the possible conflict with data protection law, but leaves it to practice, with differing stipulations. These differences are examined in this podcast episode.
Informationssicherheit einfach verstehen - Cyber security and security in the digital space
What is new in IT law in 2024? Which regulations and laws are coming into force? What effects do they have on companies? And which requirements do you need to know about? I summarise all of that for you in this episode. We start with artificial intelligence, which holds great potential at the international level but also some risks, and ultimately affects us all. What is the state of play here? What questions arise, for example, in copyright and data protection law? We continue with the EU Product Liability Directive and the Cyber Resilience Act. What implications do these laws have for cybersecurity and the life cycle of a product, and thus for manufacturers? And what does the situation look like in Germany? What do NIS2.0, the Digitale-Dienste-Gesetz (Germany's Digital Services Act) and the strengthening of digital communication mean for the security of your company? You will get the answers to all these questions in this episode. LINKS: [My website](https://www.paul-stengel.de) [Contact me on LinkedIn](https://www.linkedin.com/in/paul-g-stengel-771947216/) This podcast is produced by the podcast agency Podcastliebe. More: https://podcastliebe.net
The latest news on the Cyber Resilience Act and the AI Act, plus a few other legislative bits that are useful to know. Links: EU CRA: What does it mean for open source? - https://berthub.eu/articles/posts/eu-cra-what-does-it-mean-for-open-source/ CSS Mixins & Functions Explainer - https://css.oddbird.net/sasslike/mixins-functions/ A bridge to Bluesky - https://snarfed.org/2024-02-12_52106 00:00 Intro 02:48 CRA final text 11:07 AI Act final text 16:37 Instant bank transfers and Flipper Zero 21:35 Links
In a world that is increasingly digitalised, the security of our data and systems is of crucial importance. But how can we protect ourselves against cyberattacks and the like? The EU has also pondered this question and, after much back and forth, developed a comprehensive IT security strategy. With legal scholar and IT security expert Prof. Dr. Dennis-Kenji Kipker we talk about the Network and Information Security 2 Directive and the Cyber Resilience Act. Who is affected? What needs to be done? And are these projects sensible, or just a brake on innovation? Sources for the introduction: https://www.bsi.bund.de/DE/Service-Navi/Publikationen/Lagebericht/lagebericht_node.html https://de.statista.com/statistik/daten/studie/295265/umfrage/polizeilich-erfasste-faelle-von-cyberkriminalitaet-im-engeren-sinne-in-deutschland/ https://de.statista.com/statistik/daten/studie/692414/umfrage/haeufigkeit-der-cyber-angriffe-in-unternehmen-weltweit/ https://www.zeit.de/digital/2023-06/hacking-cyberkriminalitaet-umfrage-unternehmen https://de.statista.com/statistik/daten/studie/1416465/umfrage/anteilige-schaeden-durch-cyberattacken/ https://de.statista.com/statistik/daten/studie/1192445/umfrage/ausgaben-fuer-cybersicherheit-weltweit/ https://de.statista.com/statistik/daten/studie/1041736/umfrage/ausgaben-fuer-it-security-in-deutschland/ https://de.wikipedia.org/wiki/Datei:SpiegelMining_%E2%80%93_Reverse_Engineering_von_Spiegel-Online_(33c3).webm Our website: www.hirnschmaus.de Contact: kontakt(at)hirnschmaus.de
References: Blender's Wikipedia page; Celebrating 30 years of Blender; Projects to Look Forward in 2024; The Blender communities; A new Linux kernel has been released and it is a very big baby; Cybersecurity - the text of the CRA has been finalised; Outcome of the trilogue on the Cyber Resilience Act: the worst has been avoided, but grey areas remain; CentipedeRTK, or the birth of a geo-commons; Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them; 800 British Post Office franchisees wrongly convicted because of faulty software; Column by Vincent Calame, "The bug that sends you to jail" (2022); 10 experts have 72 days to "determine the proper use of screens: the future of our democracies is at stake".
In this episode, Colin is joined by Rebecca Rumbul, CEO of Rust Foundation, and Mirko Boehm from Linux Foundation Europe. Between them, they have decades of experience in open source. They start by discussing the critical role open source has grown to play in the world of software and how this, along with its growing complexity, presents significant challenges. They then turn their attention to the Cyber Resilience Act (CRA), a piece of EU legislation that is actively under development, designed to make end-user products more secure. Early drafts of this act detailed significant obligations on open source maintainers, despite the fact that they often work without financial reward. This caused concern, fear and some anger in the open source community. They discuss the latest update to the CRA, which has thankfully addressed these concerns, and ponder whether it will actually solve the problems it has set out to tackle. Links from the podcast: Panel Discussion: The Impact of the CRA on the Open Source Ecosystem – Cheukting, Mirko & Greg, Laura, Justin, Philip The EU's new Cyber Resilience Act is about to tell us how to code – Bert Hubert's writings Will the Cyber Resilience Act help the European ICT sector compete? Understanding the Cyber Resilience Act: What Everyone involved in Open Source Development Should Know EU CRA: What does it mean for open source? – Bert Hubert's writings The EU's Proposed CRA Law May Have Unintended Consequences for the Python Ecosystem
The Geek talks with Daniel about the topics we would like to leave behind in the old year, and we set out our wishes for which topics should get more attention and success in 2024. As the opening episode, we race all over the garden of digitalisation topics and swing hard between public transport, dumb web forms, app subscriptions, LLMs everywhere and government regulation.
This episode is Part 5 of our Energy Talks miniseries called Cybersecurity in the Power Grid, in which we provide you with a 360-degree view of how power grids can best safeguard their infrastructures from cyber-attacks. In this episode, Andreas Klien, OMICRON cybersecurity expert and Business Area Manager of Power Utility Communication, discusses the security engineering of digital products used in the power grid with his guest, Sarah Fluchs, Chief Technology Officer at admeritia GmbH. Together, they debate the question, “Can power grid operators trust their manufacturers to ensure reliable cybersecurity?”
In a recent conversation at the Open Source Summit in Bilbao, Spain, Gabriel Colombo, the General Manager of the Linux Foundation Europe and the Executive Director of the Fintech Open Source Foundation, discussed the potential impact of the Cyber Resilience Act (CRA) on the open source community. The conversation shed light on the challenges and opportunities that the CRA presents to open source and how individuals and organizations can respond. The conversation began by addressing the Cyber Resilience Act and its significance. Gabriel Colombo explained that while the Act is being touted as a measure to bolster cybersecurity and national security, it could have unintended consequences for the open source ecosystem, particularly in Europe. The Act, currently in the legislative process, aims to address cybersecurity concerns but could inadvertently hinder open source development and collaboration. Jim Zemlin, the Executive Director of the Linux Foundation, had previously mentioned the importance of forks in open source development, emphasizing that they are a healthy aspect of the ecosystem. However, Colombo pointed out that the CRA could create a sense of unease, as it might deter people and companies from participating in open source projects or using open source software due to potential legal liabilities. To grasp the implications of the CRA, Colombo explained some of the key provisions. The initial drafts of the Act proposed potential liability for individual developers, open source foundations, and package managers. This raised concerns about the open source supply chain's potential vulnerability and the distribution of liability. As the Act evolves, the liability landscape has shifted somewhat. Individual developers may not be held liable unless they consistently receive donations from commercial companies. 
However, for open source foundations, especially those accepting recurring donations from commercial entities, there remains a concern about potential liabilities and the need to conform to the CRA's requirements. Colombo emphasized that this issue isn't limited to Europe. It could impact the entire global open source ecosystem and affect the ability of European developers and small to medium-sized businesses to participate effectively. The conversation highlighted the challenges open source communities face when engaging with policymakers. Open source is not structured like traditional corporations or industry consortiums, making it more challenging to present a unified front. Additionally, the legislative process can be slow and complex, which may not align with the rapid pace of technology development. The lack of proactive engagement from the European Commission and the absence of open source communities in the initial consultations on the Act are concerning. The understanding of open source, its nuances, and the role it plays in the broader software supply chain appears limited within policy-making circles. What Can Be Done? Gabriel Colombo stressed the importance of awareness and education. It is vital for individuals, businesses, and open source foundations to understand the implications of the CRA. The Linux Foundation and other organizations have launched campaigns to provide information and resources to help stakeholders comprehend the Act's potential impact. Being vocal and advocating for open source within your network, organization, and through public affairs channels can also make a difference. Engagement with policymakers, especially as the Act progresses through the legislative process, is crucial. 
Colombo encouraged businesses to emphasize the significance of open source in their operations and supply chains, making policymakers aware of how the CRA might affect their activities. In the face of the Cyber Resilience Act, the open source community must unite and actively engage with policymakers. It's essential to educate and raise awareness about the potential impact of the Act and advocate for a balanced approach that strengthens cybersecurity without stifling open source innovation. The Act's development is ongoing, and there is time for stakeholders to make their voices heard. With a united effort, the open source community can help shape the legislation to ensure that open source remains vibrant and resilient in the face of evolving cybersecurity challenges. Learn more from The New Stack about open source and Linux Foundation Europe: At Open Source Summit: Introducing Linux Foundation Europe; Making Europe's 'Romantic' Open Source World More Practical; Embracing Open Source for Greater Business Impact
Technische Dokumentation - The podcast on all topics of technical documentation
Cyber Resilience Act - Strengthening cybersecurity rules in the EU
#EUDataAct #CyberSecurity #CyberResilianceAct www.iotusecase.com In today's podcast episode, Sebastian Fischer, Head of Engineering and Manufacturing, and Sven-Christian Dethlefsen, lawyer, dive deep into the latest developments around the EU Data Act, the NIS2 regulation and the Cyber Resilience Act. How will these new provisions revolutionise Industry 4.0, and what does that mean for mechanical engineering in Europe? Summary of the podcast episode: In an engaging discussion, Sebastian Fischer and Sven-Christian Dethlefsen of colenio examine the far-reaching effects of the EU Data Act on mechanical engineering, including the consequences of making data available to third parties. Sven-Christian, with his legal background, sheds light on the EU's ambitions to create a single market for data and how this could affect trade or business secrets. Sebastian explains why data is today regarded as a valuable business asset and what effects this has on the monetisation and protection of that data. A further focus of the episode is on the challenges in cyber security and compliance that arise from the introduction of the "NIS2" regulation and the Cyber Resilience Act. This episode offers a well-founded overview of the new rules and of how companies can adapt to these new realities. --- Relevant episode links: Sebastian Fischer (https://www.linkedin.com/in/sebastian-fischer-ba34a3136/) Madeleine (https://www.linkedin.com/in/madeleine-mickeleit/)
This week there is again a special episode with Mirjam Steinfeld and Dr. Mathias Grzesiek. This week's topic is current legislative projects and trends in IT criminal law. Ms. Steinfeld and Dr. Grzesiek first discuss several relevant draft laws. They begin with the AI Act and set out what effects it could have on possible criminal proceedings. They then go on to discuss the Cyber Resilience Act, the Data Governance Act, the NIS 2 Directive and others, and examine their relevance for compliance structures and criminal proceedings. In some cases they are able to refer to other episodes. They then turn to two new challenges in the area of cybercrime. They discuss what dangers could exist for companies and how these dangers can be prevented. They also look at what steps authorities are taking in these areas. Finally, they give some pointers on how companies can prepare for future challenges in the area of cyber compliance. Here is episode 141: Cyber Resilience: https://criminal-compliance.podigee.io/141-cr Here is episode 152: EU rules on the traceability of crypto-assets https://criminal-compliance.podigee.io/152-cr Here is episode 160: Current developments and required actions in the area of cybersecurity https://criminal-compliance.podigee.io/160-cr Here is episode 161: Tax evasion and cryptocurrencies https://criminal-compliance.podigee.io/161-cr Here is episode 163: The European E-Evidence Regulation: https://criminal-compliance.podigee.io/163-e-evidence https://www.rosinus-on-air.com https://rosinus-partner.com
In this episode of the WP Minute podcast, host Matt discusses various WordPress news and topics. He starts by highlighting a WordPress.com initiative to encourage people to transfer their domain registration from Google Domains to WordPress.com. Matt also talks about a joint effort by open source projects, including WordPress, to raise concerns about the proposed Cyber Resilience Act in the European Union. He mentions an article about the new WordPress editor, Gutenberg, and concludes by remembering and honoring two individuals who made significant contributions to the WordPress community. Matt encourages listeners to subscribe to the podcast and mentions available sponsorships. WordPress.com offers to pay domain transfer fees for the first million: WordPress.com is offering to cover the transfer fee for the first million domains that move from Google to WordPress.com. This also extends the domain registration for an additional year. WordPress.com commits to matching or even lowering the renewal price that users were paying with Google Domains. This applies to over 400 top-level domains (TLDs) they offer. They also promise to keep domain prices low, only raising them if their wholesale costs increase. WordPress.com has been a domain name provider for over a decade and is committed to the open and inclusive web. They aim to support users' ability to truly own their content and identity on the web. Users don't need a site or hosting plan to manage their domains with WordPress.com. WordPress, Drupal, Typo3, and Joomla join forces: Open Source Matters, Inc. (Joomla), Typo3, WordPress, and the Drupal Association have issued a joint letter to the legislators of the European Union raising concerns about the proposed Cyber Resilience Act.
This is a significant move as these four organizations collectively serve over 50% of the European websites. The organizations argue that the proposed regulation could undermine effective software practices due to its ban on “unfinished software”. They also express concern that the expansive definition of “commercial activity” could deter the contributions of many developers to open source software. The groups see this as an opportunity to explain the unique role that Free and Open Source Software (FOSS) plays in the software that underpins much of the web and to develop a model for how regulation should be applied to it. They also aim to educate legislators and policy-makers about the shared values that open source communities have with the European Union. This project is moving hella fast: The author expresses their love for Gutenberg, the block editor for WordPress, but also highlights its rapid pace of development. They note that this speed can sometimes leave developers behind, especially due to the shift from PHP to JavaScript (JS). The author discusses the challenges of debugging Gutenberg, particularly when encountering errors. They note that unlike PHP, where errors are logged in a file, JS errors are logged in the browser console. This shift in error handling can be confusing for developers used to PHP. The author criticizes the lack of proper documentation for Gutenberg, particularly when it comes to resolving specific errors. They argue that the current documentation is inadequate and that developers often have to search through GitHub issues to find solutions to their problems. They believe this is one of the reasons why some developers have negative feelings towards Gutenberg. Remember those that have passed: WordPress dedicates this page to the memory of those we've lost. They've shaped our project and enriched our community.
As we remember their passion and commitment to WordPress and open source software, we celebrate their spirit. Forever in our hearts, their legacy endures through every line of code and every user they've impacted. From the grab bag! Here are some other interesting links from the week. https://www.underrepresentedintech.com/webinars/sponsor/ https://wptavern.com/classicpress-community-considers-re-forking-woocommerce-for-classic-commerce-v2 https://jonathanbossenger.com/2023/07/28/the-state-of-wordpress-developer-tools-survey-results/ https://us.wordcamp.org/2023/schedule/
Picture of the Week. R.I.P. Kevin Mitnick. Apple says: "Thanks, but we'd rather leave." Web Environment Integrity. Web Analytics under the spotlight. More progress on the IoT security front. The "Expeditionary cyber force". Ransomware payouts being made much less often. MOVEit Update. TikTok + Passkeys. Closing the Loop. SpinRite. Satellite Insecurity, Part 2. Show Notes: https://www.grc.com/sn/SN-932-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit GO.ACILEARNING.COM/TWIT bitwarden.com/twit
The fediverse advances despite the CRA. Reddit, Feddit, Lemmy. A mountain of distributed technological innovations, against the monopolies, should be valued by governments. Instead, with the Cyber Resilience Act (in the audio I say CSA; I correct it here), responsibility, almost presumed, is shifted onto the developer rather than the distributor. In open source that means death, to the benefit of the big players. Something that will sow damage everywhere, including for projects already under way. Who is the developer in an open source project? Who will want to expose themselves to liability for incorrect (and out-of-context) uses of the software? A very serious problem. The existence of European SMEs is at stake: they will all convert to providing support for the dominant operators, if they are allowed to.
In this episode, News Editor Jenna Barron spoke with Mike Milinkovich, executive director of the Eclipse Foundation, about Europe's Cyber Resilience Act (CRA). He talks about why the CRA would be bad for open source development.
** Episode 69** - "The concerns about the Cyber Resilience Act for those who develop Open Source software" - In this episode I (Stefano), Antonino and Matteo had a chat among friends about the possible repercussions on Open Source software that the new European law (the Cyber Resilience Act, which will be or has been discussed in recent days) could have if it were approved as it was proposed in parliament in Brussels. We wish you happy listening and remind you that, if you too want to have your say on what we share, you can write to us at: telegram.me/librepodcast #librepodcast:matrix.org email: librepodcastinfo@gmail.com P.S. We have (finally) updated the episode numbering, so you may find some discrepancies with the titles in the old feed. Link to the news item: https://www.ilsole24ore.com/art/perche-cyber-resilience-act-preoccupa-chi-sviluppa-software-open-source--AEcTDEJD --***-- To listen to the episode and for other links go here: https://librepodcast.carrd.co/ --***-- Intro & background music Chronos - Alexander Nakarada FreePD.com - 100% Free Music Free for Commercial Use, Free Of Royalties, Free Of Attribution, Creative Commons 0 Outro: Uberpunch by Alexander Nakarada | https://www.serpentsoundstudios.com Music promoted by https://www.free-stock-music.com Creative Commons / Attribution 4.0 International (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/
In this episode, Jon will be sharing about the Cyber Resilience Act. The CRA is something that the European Union is working towards that requires companies' products to meet essential cybersecurity requirements before they can be sold on the European market and places obligations on manufacturers to maintain their security throughout the product lifecycle. The impact on open source software (such as Disciple Tools) is still to be determined but could be large. To watch this video, go here: https://youtu.be/SrAHLYo8SnM
Doc Searls and Simon Phipps talk with Greg Kroah-Hartman, the veteran top-level Linux kernel maintainer, about the human side of how kernel development works, how AI is still just pattern matching, and how life is about updating everything you can. Hosts: Doc Searls and Simon Phipps Guest: Greg Kroah-Hartman Download or subscribe to this show at https://twit.tv/shows/floss-weekly Think your open source project should be on FLOSS Weekly? Email floss@twit.tv. Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: fastmail.com/twit
This week in the Security News, Aaran Leyland joins remotely to dish out the latest news: Cyber Resilience Act contains a poison pill, a powerful backdoor, Malicious Actors and Jason Wood - Valued Co-Host OR Malicious Actor? All that and more on this episode of SWN! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn298
We devoted the new episode to the latest news from the world of Python for April 2023. Links to all the materials from this podcast are below. • article from the Python Software Foundation - https://pyfound.blogspot.com/2023/04/the-eus-proposed-cra-law-may-have.html • European acts: - Cyber Resilience Act - https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act - Product Liability Act - https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52022PC0495 • urllib3 2.0 release - https://sethmlarson.dev/urllib3-2.0.0 • PyPI announced support for trusted publishers - https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ • package manager from the creator of Flask - https://github.com/mitsuhiko/rye • Debian will no longer allow pip install globally - https://salsa.debian.org/python-team/packages/python-pip/-/blob/master/debian/NEWS • Lambdas and Python 3.10 on AWS - https://aws.amazon.com/ru/blogs/compute/python-3-10-runtime-now-available-in-aws-lambda/ • article on language popularity by number of pull requests on GitHub - https://lemire.me/blog/2023/04/07/programming-language-popularity-by-github-pull-requests/ and https://madnight.github.io/githut/#/pull_requests/2023/1 • Learn Python courses - https://learn.python.ru/ • Moscow Python conference - https://conf.python.ru/moscow/2023 • Misha's channel "Хитрый Питон" (Tricky Python) - https://t.me/tricky_python Hosts: Mikhail Korneev and Grigory Petrov CFP Moscow Python Conf https://cfp.conf.python.ru All episodes: https://podcast.python.ru MoscowPython meetups: https://moscowpython.ru Learn Python course: https://learn.python.ru/
The Web has undergone a rapid evolution that has brought it to what we know today, passing from Web 1.0 to Web 2.0. The Internet, ever more complex and ever more connected, makes it possible to do things that until a few years ago were confined to science-fiction books and films. So many applications are born every day that aim to chart the main road the evolution of the Web will follow, from the metaverse to blockchain, the Tor network and the semantic web. But what will the World Wide Web turn into in the future? In this episode we focus on two possible evolutions, called Web3 and Web 3.0, with the aim of analysing them, discovering their differences and above all understanding whether they can truly be the future of online browsing. In the news section we talk about the Court of Cassation, which has ruled on INPS's AI software and its legitimacy, about Japan's first Moon landing and finally about the concerns over the European Cyber Resilience Act with regard to Open Source. --Index-- 00:00 - Introduction 00:56 - The Court of Cassation rules on INPS's AI (AgendaDigitale.eu, Davide Fasoli) 02:01 - Japan's first Moon landing (HDBlog.it, Matteo Gallo) 03:03 - The concerns over the Cyber Resilience Act (IlSole24Ore.it, Luca Martinelli) 05:10 - Web3 or 3.0, which road will tomorrow's Web take? (Luca Martinelli) 18:49 - Conclusion --Contacts-- • www.dentrolatecnologia.it • Instagram (@dentrolatecnologia) • Telegram (@dentrolatecnologia) • YouTube (@dentrolatecnologia) • redazione@dentrolatecnologia.it --Tracks-- • Ecstasy by Rabbit Theft • No Rival by Egzod & Maestro Chives & Alaina Cross
What we like about Fedora 38, why the Rust foundation is in hot water, and more.
"What's going on with forming the Cyber Resilience Act in Europe has the potential to do enormous harm to the open source movement and to the future prosperity of the entire human race," says Milinkovich of the Eclipse Foundation, this week's guest on FLOSS Weekly. The Cyber Resilience Act (CRA) is an important topic to discuss in open source. Doc Searls and Jonathan Bennett speak with Milinkovich about this important matter. Hosts: Doc Searls and Jonathan Bennett Guest: Mike Milinkovich Download or subscribe to this show at https://twit.tv/shows/floss-weekly Think your open source project should be on FLOSS Weekly? Email floss@twit.tv. Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You are listening to a free excerpt from Ninja PRO, the daily selection of news for digital business professionals. With Ninja PRO you can get marketing insights, social media updates, tech news, business events and a selection of in-depth articles from the experts of the Ninja editorial team every day. Go to www.ninja.it/ninjapro to subscribe to the service. Cyber Resilience Act: Open Source organizations ask the EU to reconsider some aspects. Thirteen organizations, including the Eclipse Foundation, Linux Foundation Europe and the Open Source Initiative (OSI), observe that the Cyber Resilience Act, as written, "poses an unnecessary economic and technological risk to the EU" and ask for a greater say in the legislative process. First presented in draft in September, the CRA aims to codify into law cybersecurity best practices for connected products sold in Europe. Open source software accounts for more than 70% of the software present in products with digital elements, the organizations point out. Google's CEO warns about AI. In an interview with CBS that aired last Sunday and was reported by CNBC, Sundar Pichai suggested that society is not prepared for the rapid advance of artificial intelligence. Pichai said that the laws governing AI advances "cannot be decided by one company alone". Warning of the consequences of this new technology, he also said that AI will have an impact on "every product of every company". A photograph created by artificial intelligence wins at the Sony World Photography Awards. German artist Boris Eldagsen won the "creative" category of the Open section. The photographer then declared that the image had been made by AI and that he therefore could not accept the award.
The work, Eldagsen explained, had been created precisely to generate debate, not to win a prize.
Watch on YouTube. About the show: Sponsored by InfluxDB from Influxdata. Connect with the hosts: Michael: @mkennedy@fosstodon.org, Brian: @brianokken@fosstodon.org, Show: @pythonbytes@fosstodon.org. Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too. Brian #1: huak - A Python package manager written in Rust. Inspired by Cargo. Suggested by Owen. Tons of workflows: activate - activate a virtual environment; add - add a dependency to a project (pip install it into your virtual environment, and add it to the dependency list in pyproject.toml); test - run pytest; update - update dependencies; lint - run ruff, installing it first if necessary; fix - autofix fixable lint conflicts; build - build wheel in isolated virtual environment using hatchling. Honestly I was considering building my own workflow tool, but this is darned close to what I want. Even though it's still “in an experimental state”. There are rough edges (ruff edges, get it), but still, way cool. I just don't know how to pronounce it. Is it like “walk”, or more like “whack”? Michael #2: PSF expresses concerns about a proposed EU law that may make it impossible to continue providing Python and PyPI to the European public. After reviewing the proposed Cyber Resilience Act and Product Liability Act, the PSF has found issues that put the mission of our organization and the health of the open-source software community at risk. As currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else's commercial product. The risk of huge potential costs would make it impossible in practice for us to continue to provide Python and PyPI to the European public.
Brian #3: ChaosToolkit. Suggested by the maintainer, Sylvain Hellegouarch. Declare and store your Chaos Engineering experiments as JSON/YAML files so you can collaborate and orchestrate them as any other piece of code. Extensible through an Open API. Can be automated in CI/CD pipeline. Michael #4: PEP 711 – PyBI: a standard format for distributing Python Binaries. “Like wheels, but instead of a pre-built python package, it's a pre-built python interpreter”. Joke: It's the effort that counts
The Cyber Resilience Act (CRA) is an important legislative proposal, but in its current wording it represents an ENORMOUS threat to Open Source in Europe. The CRA, although it has noble goals such as improving the general level of cybersecurity in Europe, presents some critical issues for the open source software industry that cannot be ignored. Among the main problems is the failure to distinguish between open source authors and tech giants. In addition, the legal and financial responsibilities the CRA imposes on open source authors are wholly inadequate, making it difficult for them to continue innovating and collaborating in the development of open source software. Another critical element concerns the introduction of limits on the release of incomplete software and the lack of clarity about what is meant by "commercial activities" in the context of the CRA. This could have a "chilling" effect on open source projects in Europe, significantly damaging the ecosystem and the positioning of European companies in the global software market. It is essential that a revised CRA be approved at the European level, one that takes the concerns expressed into account and protects innovation and freedom in the use of open source software.
It is fundamental for European competitiveness to continue to support and promote open source and its development. I invite you to inform yourselves about this crucial topic and to make your voice heard in support of open source. SOURCES: » https://blog.opensource.org/the-ultimate-list-of-reactions-to-the-cyber-resilience-act/ » https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act »»» Have you already signed up for the [Membership PRO], to support the channel and get a range of exclusive content? https://www.youtube.com/channel/UCm5H2LH2ISgpX-X5-SP4Vrg/join »»» I am MATTEO FLORA, a serial entrepreneur in digital, and I teach #Reputation and #Cybersecurity at university. I work on #Data, #Polarization, #Crisis management and #Reputation as a strategic consultant to companies, institutions and professionals. With “Ciao Internet” I tell you how the Net changes us, how to understand it and use it best to improve your life and profession, not only the digital one. Companies » http://matteoflora.com/#aziende Telegram » https://mgpf.it/tg Free course » https://mgpf.it/nl For commercial contacts: sales@matteoflora.com This show is part of the Spreaker Prime network. If you are interested in advertising on this podcast, contact us at https://www.spreaker.com/show/2130193/advertisement
In this episode we talk about the CRA, that is, the Cyber Resilience Act: the European Union's proposal to introduce legislation that enforces cybersecurity for connected hardware and software, already the subject of concern and appeals from the open source community. We will try to explain what this proposal is, what intentions led to its conception, and what the risks are for software developers. With: Edoardo Dusi, Paolo Mainardi and Paolo Pustorino
In this episode, Rob and Stan look at a couple of drives to impose law and order on cybersecurity. First the new US National Cybersecurity Strategy for the US. “I actually see this as being a pretty sharp break from the past. If it's fully implemented, I think the potential to change the US cybersecurity posture will significantly be improved for the better.” “The strategy does put an emphasis on holding software vendors more directly responsible for the security of their technologies. And it recognizes that if left to its own devices, the software market many times rewards vendors that under invest in security and get things out to market faster. It's been proven time and time again that market pressures are not necessarily going to result in more secure products.” “This is going to take time. They're talking about a 10 year window here for the cybersecurity act….so the implementation of this through various administrations who may have different priorities is going to be interesting.” Rob and Stan also reflect on how the US strategy compares to the EU Cyber Resilience Act, revealed in September 2022. “They actually are very focused on personal data and ensuring that there's the protection and confidentiality and integrity of the data of the individuals. There are vulnerability disclosures that are required from the manufacturers.” “If you are to improve compliance, you're not doing business in the EU. That's the one that really resonates, right? That's what's going to make people say ‘Well, I have to if I want to be able to generate the type of business I require from the entire EU marketplace.’” Rate and review the show on Apple Podcasts. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
Guest Andy Piper | Ana Meta Dolinar | Gemma Penson Panelist Richard Littauer Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Richard is at the State of Open Con 2023 UK in London, and he's excited to have his first ever in-person podcasts. Today, he has three guests joining him. His first guest is Andy Piper, who volunteered to come here and represent the Open Source Initiative. We'll hear more about how he's helping the OSI today, what changes he has seen with the OSI over the past decade, and his thoughts on the Cyber Resilience Act. His next two guests are Ana Meta Dolinar and Gemma Penson, who are both University students in Cambridge. They had a stall upstairs at the event for Women@CL, which is the initiative promoting inclusivity and community of women who do computer science, either as students or researchers at Cambridge. Today, we'll learn all about the Women @CL, how they're helping to fix the huge gender imbalance when it comes to open source and computer science, and their thoughts on the “leaky pipeline” metaphor. Download this episode now to hear much more! [00:00:46] Andy tells us why he's at the State of Open Con helping the OSI. [00:04:01] We hear Andy's perspective on how you can benefit from the OSD by being an enthusiast and what it gives you by having the OSD there. [00:06:25] We learn what Andy is currently doing with open source and being a member of the Python Software Foundation. [00:09:44] Since Andy's been a member for over ten years, he tells us what he has seen that has changed significantly in the past decade with the OSI. [00:11:26] Andy shares his first experience at FOSDEM 2023. [00:12:59] What are Andy's thoughts on the Cyber Resilience Act? He also mentions a website and blog to check out by Simon Phipps. [00:15:41] Find out where you can follow Andy and the OSI on the web.
[00:17:56] There is a huge gender imbalance when it comes to open source and computer science, and Ana and Gemma share the statistics with us as well as what activities they do to help fix that imbalance. [00:19:14] Ana explains more about the Oxford Women in Computing Society. She mentions lobbying and explains how it requires a lot of background work. [00:21:20] We hear more about the Oxbridge Women in Computer Science Conference that takes place April 2023. [00:24:45] Tech has a higher representation of neuro divergent participants, and Ana and Gemma talk about how visible this population is at universities and in computer science programs and how supportive the university is. [00:27:19] We hear Gemma and Ana's thoughts on the “leaky pipeline” metaphor and why it may or may not work. [00:32:00] The last question is on the topic of governance and how they plan to keep the program existing and onboard new women to this important cause. They tell us about the initiative at Cambridge, and a Big Sister, Little Sister program they have. [00:35:28] Ana and Gemma explain the mentorship from the graduate school, postgraduates, assistant lecturers, etc. [00:36:25] If you're a company that wants to sponsor Women in CL, find out where you can reach out to them and where to get in touch with Ana and Gemma on the web. 
Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) Richard Littauer Twitter (https://twitter.com/richlitt?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Andy Piper Website (https://andypiper.me/) Andy Piper Mastodon (https://mastodon.social/@andypiper) Open Source Initiative (https://opensource.org/) Cyber Resilience Act (https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act) The ultimate list of reactions to the Cyber Resilience Act by Simon Phipps (Voices of Open Source) (https://blog.opensource.org/the-ultimate-list-of-reactions-to-the-cyber-resilience-act/) Ana Meta Dolinar email (mailto:amd219@cam.ac.uk) Gemma Penson email (mailto:gp500@cam.ac.uk) Women@CL-Department of Computer Science and Technology-University of Cambridge (https://www.cst.cam.ac.uk/women) Women@CL Twitter (https://twitter.com/womencl1?lang=en) Women@CL Facebook (https://www.facebook.com/womenatCL/) Women @CL Instagram (https://www.instagram.com/womenatcl.cambridge/) Oxford Women in Computing Society (https://www.oxwocs.com/) Oxbridge Women in Computer Science Conference (https://www.oxbridge2023.com/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guests: Ana Meta Dolinar, Andy Piper, and Gemma Penson.
In this episode of Tech. Strong. Women., hosts Jodi Ashley and Tracy Ragan talk with Liz Rice, chief open source officer at Isovalent, about extended Berkeley Packet Filter (eBPF) and its impact on the open source ecosystem and observability, the challenges open source developers face with the upcoming Cyber Resilience Act legislation and the significant impact AI has on open source. Rice will discuss how AI opens up numerous opportunities for further automation and optimization of open source development, integration and delivery all along the SDLC. Finally, Rice explores how the modern remote, work-from-anywhere technology landscape will empower more women and underrepresented groups to pursue tech careers.
Anyone who deals with IT security or data protection will sooner or later be confronted with the ominous term "state of the art" ("Stand der Technik"). The term plays an important role in the General Data Protection Regulation (GDPR), for example: under Article 32 GDPR, those processing data must take "appropriate technical and organisational measures" to "ensure a level of security appropriate to the risk". In doing so, they are to take the "state of the art" into account. But what does this vague requirement mean, technically and legally? That is exactly what Joerg and Holger want to find out. They are joined by a knowledgeable guest, the lawyer Karsten Bartels. Trained in legal informatics, he is deputy chairman of the board of Bundesverband IT-Sicherheit e. V., also known as TeleTrusT, where he co-founded the "Arbeitskreis Stand der Technik" (working group on the state of the art). TeleTrusT also publishes the "Handreichung zum 'Stand der Technik'" (guideline on the state of the art), in which experts from industry compile (frequently updated) concrete advice on suitable technical measures and processes in all kinds of IT areas, for example secure website encryption or multi-factor authentication. In the podcast, Karsten explains what the "state of the art" is all about. It lies somewhere between the "generally accepted rules of technology", such as the DIN standards, and the latest "state of science and technology". Together with Joerg, he goes through Article 32 GDPR sentence by sentence and explains what the European legislator demands here. Karsten also places the term in the context of other regulations, such as the IT Security Act (IT-Sicherheitsgesetz) and upcoming EU regulation. With the "Cyber Resilience Act" proposed by the EU Commission in September, a good deal will soon change here, he predicts.
Professor Lee Bygrave, Director of the Norwegian Research Centre for Computers and Law in the University of Oslo, joins Johanna in the studio to discuss security by design. The pair discuss the importance and challenges of translating “by design” mantras from legal concepts to engineering concepts and vice versa. In the context of the Optus and Medibank hacks, they canvass the proposal for new penalties for privacy breaches in Australia, privacy reform, the EU's proposed Cyber Resilience Act and much more. Tech Mirror is recorded on Ngunnawal land. We acknowledge the traditional custodians of this land and pay our respect to elders past, present, and emerging. Professor Johanna Weaver is Director of the Tech Policy Design Centre at the Australian National University. This episode was produced by Jack Fox, with special thanks to Ben Gowdie for research and Tanvi Nair for post-production support. Relevant links: Professor Bygrave's Paper: Security by Design: Aspirations and Realities in a Regulatory Context: https://www.idunn.no/doi/10.18261/olr.8.3.2#sec-5 Professor Bygrave's Paper: Data Protection by Design and Default: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3944535 Australian Securities and Investments Commission v RI Advice Group Pty Ltd: https://www.judgments.fedcourt.gov.au/judgments/Judgments/fca/single/2022/2022fca0496 Proposed EU Cyber Resilience Act: https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act GDPR Text, Article 25: https://gdpr-text.com/read/article-25/ ‘Good privacy reform rests on well-resourced tech regulators' by Sarah O'Connor: https://www.innovationaus.com/good-privacy-reform-rest-on-well-resourced-tech-regulators/ ‘Privacy is hard and Seven Other Myths' by Jaap-Henk Hoepman: https://mitpress.mit.edu/9780262045827/privacy-is-hard-and-seven-other-myths/ ‘Ethical IT innovation, a value based system design approach' by Sarah Spiekermann:
https://www.taylorfrancis.com/books/mono/10.1201/b19060/ethical-innovation-sarah-spiekermann Send us your questions: techpolicydesign@anu.edu.au Follow us on Twitter: @TPDesignCentre
On this episode of Embedded Insiders, we're joined by Paul Butcher, Senior Software Engineer at AdaCore, to discuss how AI can make fuzz testing even more robust through the integration of techniques like symbolic execution and input-to-state correspondence that optimize test data sets against scenarios a system might encounter in the real world. Next, Brandon heads back into the Industrial Metaverse with part 2 of a Blueprints series – created in partnership with Bosch, Cloud Blue, the MathWorks, NVIDIA, and Siemens – which reveals how the combination of cyber-physical systems, model-based systems engineering, and digital twins can provide a path to solving some of the world's most complex problems. But first, Brandon and Rich express their hesitations about the European Commission's proposed Cyber Resilience Act, which requires manufacturers to protect their IoT and IIoT devices from unauthorized access at all stages of the product lifecycle.
Last month the European Commission drafted a law called the Cyber Resilience Act. It's an extensive framework aimed at improving cybersecurity in the E-. For the implications on this side of the Atlantic, the Federal Drive turned to the senior policy analyst at the ITIF Center for Data Innovation, Kir Nuthi.
In the EU, connected products, from smart light bulbs to sensors in industrial plants, are to become more cyber-secure in future. To that end, the European Commission has now presented the Cyber Resilience Act. This draft law is intended to introduce general cybersecurity requirements for manufacturers for the first time. An assessment from Marc Fliehe, Director of Digitalisation and Cyber-Security at TÜV Verband.
Cybersecurity Awareness Month is co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA). For more information about ways to keep you and your family safe. 1. Instagram fined 405M Euros for GDPR violations. 2. Google and Meta were fined a total of $72 million by South Korea's Privacy and Protection Commission for tracking behavior on other sites without consumer approval, then using that data for advertising. 3. The Internal Revenue Service acknowledged Friday that it had inadvertently exposed a batch of taxpayer information linked to some non-profits and other tax-exempt organizations, following a Wall Street Journal report that said as many as 120,000 individuals may have been affected by the error. 4. While its contents might seem unremarkable for China, where facial recognition is routine and state surveillance is ubiquitous, the sheer size of the exposed database is staggering. At its peak the database held over 800 million records, representing one of the biggest known data security lapses of the year by scale, second to a massive data leak of 1 billion records from a Shanghai police database in June. In both cases, the data was likely exposed inadvertently and as a result of human error. 5. China hopes to tighten its cybersecurity laws with higher fines for some violations. If the amendments are approved, fines for critical information infrastructure operators who use products or services that have not undergone security reviews could be 5% of revenue or 10 times their cost. 5. According to Acronis, ransomware losses worldwide are expected to surpass $30 billion by the end of 2023. 6. Lloyd's of London Ltd. has told insurers that nation-state attacks and related losses will be excluded from insurance coverage after 1Q 2023. A 2022 court ruling dashed insurers' hopes that “cyber war” exclusions would let them avoid payment for such losses. 7. 
Québec's personal information privacy act takes effect September 22, a provincial statute that supplements Canada's federal legislation, including the term “confidentiality incidents” and addressing biometric information. 8. Euractiv reports that the EC will introduce its proposal for a Cyber Resilience Act this week. The Act will address cybersecurity issues with consumer-connected devices. 9. UK - The Telecommunications (Security) Act 2021 (Commencement) Regulations 2022 have been made. They bring the Telecommunications Security Act 2021 (TSA) into force from 1 October 2022. The Electronic Communications (Security Measures) Regulations 2022 under the TSA will come into force on the same date. 10. After TikTok allegedly violated U.K. privacy regulations, the Information Commissioner's Office sent a notice of intent including a possible fine of £27 million. 11. California Governor Gavin Newsom has signed The California Age-Appropriate Design Code Act into law. The new legislation, signed by Newsom on September 15, 2022 and passed by the state congress in late August, will implement some of the strictest privacy requirements for children in the US, especially in relation to social media. 12. U-Haul International disclosed that it has experienced a data breach of names, drivers' licenses/state IDs but indicated no credit card or financial information was compromised. 13. A teenage cyberattacker gained full access to Uber's systems after impersonating an IT professional from the popular rideshare company to gain VPN access. 14. Congress is investigating Meta after The Markup discovered the tech giant's Pixel tool gathered information on users' private health records. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
In our newest episode, we take a deep dive into the European Commission's newly proposed Cyber Resilience Act, which introduces common cybersecurity rules for manufacturers and vendors of digital products and services. These rules are meant to protect consumers from insecure products and address market needs as our society becomes more connected. During our policy discussion, we explained more of what's in the Cyber Resilience Act, what it means for businesses and consumers, and what the next steps in the legislative process will look like. Of course, we also cover the top tech headlines in Brussels, tech history, and our random identifiers.
First announced by President von der Leyen in her State of the Union Address in September 2021, the European Commission is expected to unveil, in September 2022, a Cyber Resilience Act that aims to establish common cybersecurity rules for digital products and associated services such as software that are placed on the European single market. Although Internet of Things (IoT) products create a wide range of opportunities by connecting people, information, and places, they also increase the risk of cybersecurity incidents affecting entire systems. Indeed, the infinite number of heterogeneous digital connected products, each with their own vulnerabilities, expand the potential attack surface and leave users open to theft of sensitive data and malfunctioning networks, if not worse, as large scale cyberattacks on European critical infrastructure have shown in the past months. Under a common legal framework requiring digital products to be designed and operated more securely, with duty of care at the heart of their development, the aim is to enhance the security of the entire cyber ecosystem, from consumer to critical industrial infrastructures, while strengthening the functioning of the internal market. However, “a common approach” remains difficult to define as stakeholders are opposed to the definition of a one-size-fits-all solution that will not achieve the objectives of the text. How can the risk associated with a device be categorised, especially when it is used in contexts as various as home or public entities, and sometimes, used in unforeseen ways? To what extent should the cybersecurity of these devices be assessed? Who should carry out the assessment in order to achieve the highest security level?
And how can all stakeholders participate in the reinforcement of the secure cyber framework worldwide? Relisten to this EURACTIV Hybrid Conference to explore the different options to reinforce the cybersecurity of connected devices and discuss how we can ensure that all digital products are safe and secure in a way that protects end-users, industry, and public entities.
In this episode, the first news item covered is the Ethereum blockchain's green transition with The Merge. The second is Adobe's acquisition of Figma, a surprising buyout. Not to mention: the European Commission's new proposal, the Cyber Resilience Act; TikTok copying the French app BeReal; and finally Amazon launching a new version of its Veeqo service in the United States. Listen to the other episodes on Siècle Digital. Hosted by Acast. Visit acast.com/privacy for more information.
A step forward from the European Commission, which has announced the creation of a cyber resilience law. In plain terms, it aims to help us citizens in the face of the many attacks and disruptions we suffer via computers or IT.
The European Commission presented today a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features. A first-ever EU-wide legislation of its kind, it introduces mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle. With ransomware attacks hitting an organisation every 11 seconds around the globe and the estimated global annual cost of cybercrime reaching €5.5 trillion in 2021 (Joint Research Centre report (2020): “Cybersecurity – Our Digital Anchor, a European perspective”), ensuring a high level of cybersecurity and reducing vulnerabilities in digital products – one of the main avenues for successful attacks – is more important than ever. With the growth in smart and connected products, a cybersecurity incident in one product can have an impact on the entire supply chain, possibly leading to severe disruption of economic and social activities across the internal market, undermining security or even becoming life-threatening. The measures proposed today are based on the New Legislative Framework for EU product legislation and will lay down: (a) rules for the placing on the market of products with digital elements to ensure their cybersecurity; (b) essential requirements for the design, development and production of products with digital elements, and obligations for economic operators in relation to these products; (c) essential requirements for the vulnerability handling processes put in place by manufacturers to ensure the cybersecurity of products with digital elements during the whole life cycle, and obligations for economic operators in relation to these processes. Manufacturers will also have to report actively exploited vulnerabilities and incidents; (d) rules on market surveillance and enforcement. 
The new rules will rebalance responsibility towards manufacturers, who must ensure conformity with security requirements of products with digital elements that are made available on the EU market. As a result, they will benefit consumers and citizens, as well as businesses using digital products, by enhancing the transparency of the security properties and promoting trust in products with digital elements, as well as by ensuring better protection of their fundamental rights, such as privacy and data protection. While other jurisdictions around the world look into addressing these issues, the Cyber Resilience Act is likely to become an international point of reference, beyond the EU's internal market. EU standards based on the Cyber Resilience Act will facilitate its implementation and will be an asset for the EU cybersecurity industry in global markets. The proposed regulation will apply to all products that are connected either directly or indirectly to another device or network. There are some exceptions for products, for which cybersecurity requirements are already set out in existing EU rules, for example on medical devices, aviation or cars. Next Steps It is now for the European Parliament and the Council to examine the draft Cyber Resilience Act. Once adopted, economic operators and Member States will have two years to adapt to the new requirements. An exception to this rule is the reporting obligation on manufacturers for actively exploited vulnerabilities and incidents, which would apply already one year from the date of entry into force, since they require fewer organisational adjustments than the other new obligations. The Commission will regularly review the Cyber Resilience Act and report on its functioning.
Under the name Cyber Resilience Act, the European Commission is introducing rules for the mandatory security of all kinds of devices. Responsibility for that security will lie with the manufacturers, and if they do not comply with the rules a fine may follow. The European Parliament will consider the plans later. Also in the Tech Update: the European Commission also wants to investigate Microsoft's acquisition of Activision Blizzard in depth. More acquisition news: Adobe is willing to pay 20 billion for design software program Figma. See omnystudio.com/listener for privacy information.