Mike Milinkovich of the Eclipse Foundation Talks Open Source Compliance and Cyber Resilience Act in New Initiative - VMblog QA

In the rapidly evolving world of open source software, staying ahead of regulatory requirements is becoming increasingly critical. The Eclipse Foundation, one of the largest open source foundations globally, is taking proactive steps to address these challenges with the launch of its Open Regulatory Compliance Working Group. At the helm of this initiative is Mike Milinkovich, Executive Director of the Eclipse Foundation.

In this exclusive VMblog Q&A, Milinkovich dives into the mission of the new working group, its initial focus on the European Cyber Resilience Act, and how it aims to bridge the gap between regulatory bodies and the open source community. With major tech players and open source organizations already on board, the Eclipse Foundation is positioned to play a key role in shaping the future of open source compliance.

VMblog:  Before we jump into the news, give us a bit of background on the Eclipse Foundation.

Mike Milinkovich:  The Eclipse Foundation is a Brussels-based open source software foundation and one of the largest open source foundations in the world. While we're perhaps best known for the Eclipse IDE, used by millions of developers, for Jakarta EE, the open source successor to Java EE, or Adoptium, one of the most widely used OpenJDK Java distributions, our scope extends far beyond that. We currently host over 420 open source projects across diverse technology domains, including runtimes, tools, specifications, and frameworks for cloud and edge applications, AI, automotive, IoT, systems engineering, open processor designs, and many others.

VMblog:  What exactly did you all announce?

Milinkovich:  We're formally launching the Open Regulatory Compliance Working Group, a new initiative hosted at the Eclipse Foundation. Its mission is to help open source participants navigate and comply with governmental regulations, ensuring the continued use and advancement of open source throughout the software supply chain.

The Open Regulatory Compliance Working Group bridges a critical gap between regulatory authorities and the open source ecosystem. By collaborating with relevant authorities and standards organizations, the working group aims to formalize industry best practices so they can be properly referenced in legislation and support the authorities in understanding the nuances of the open source ecosystem. This ensures that all open source participants can meet regulatory requirements across jurisdictions and improve software quality and security.

While the working group is focused on general open source compliance, its immediate priority is the European Cyber Resilience Act (CRA), which is rapidly approaching implementation.

VMblog:  Which organizations are participating in this working group?

Milinkovich:  We're thrilled to have a diverse and influential set of participants, including major global tech leaders like Bosch, Mercedes-Benz, Nokia, and Siemens, alongside smaller companies like Lunatech, Obeo, and Payara Services. Additionally, we have the support of numerous open source foundations, including the Apache Software Foundation, Blender Foundation, CodeDay, The Document Foundation, FreeBSD Foundation, iJUG, Matrix.org Foundation, NLnet Labs, Open Elements, OpenForum Europe, OpenInfra Foundation, Open Source Initiative (OSI), Open Source Robotics Foundation (OSRF), OWASP, The PHP Foundation, Python Software Foundation, Rust Foundation, SCANOSS, and Software Heritage. We anticipate more organizations will join as the working group expands its focus.

VMblog:  Why focus on the Cyber Resilience Act first?

Milinkovich:  Primarily because of the urgent need to get organizations the tools and processes they need as soon as possible. The CRA will come into force very soon, followed by a three-year transition period for ironing out implementation details. The European Commission's agenda for standardization is particularly tight. A draft request for harmonized standards was issued on April 17, with the goal of making them available a year in advance, giving the industry time to prepare. This gives us limited time to ensure the specific needs of the open source community are well understood and properly addressed.

VMblog:  What other tech policy areas does this group plan on addressing?

Milinkovich:  If there is a government regulation that impacts the open source community, we're willing to tackle it. As your readers likely know, many potential regulations are being considered globally, particularly in the EU. We'll be focusing on important areas like AI, data sovereignty, and the software supply chain. Just as importantly, all organizations are welcome to participate. You can learn more about joining the Open Regulatory Compliance Working Group on the group's participation page here: https://orcwg.org/participate/.

##

Mike Milinkovich has been involved in the software industry for over thirty years, doing everything from software engineering to product management to IP licensing. He has been the Executive Director of the Eclipse Foundation since 2004. In that role he is responsible for supporting both the Eclipse open-source community and its commercial ecosystem. Prior to joining Eclipse, Mike was a vice president in Oracle's development group. Other stops along the way include WebGain, The Object People, IBM, Object Technology International (OTI), and Nortel.

Published Monday, September 30, 2024 7:30 AM by David Marshall