Threats and industry trends analysis
This area will be used to track trends and emerging threats related to security.
Security Initiatives:
Regulation:
US cybersecurity executive order: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
EU Cyber Resilience Act: https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
12 March 2024 - the European Parliament approved the Cyber Resilience Act: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.html
Open Source Initiatives:
OpenSSF: https://openssf.org/
Security Mobilization Plan: https://openssf.org/oss-security-mobilization-plan/
In response to the EU Cyber Resilience Act, two working groups have been formed
Post-Quantum Cryptography
The Linux Foundation has launched the Post-Quantum Cryptography Alliance (PQCA) (announcement: "Post-Quantum Cryptography Alliance Launches to Advance Post-Quantum Cryptography") with two projects:
- Open Quantum Safe: software for the transition to quantum-resistant cryptography (https://openquantumsafe.org/)
  - liboqs is an open source C library for quantum-safe cryptographic algorithms; wrappers are offered for other languages (https://openquantumsafe.org/liboqs/)
- PQ Code Package: aims to build high-assurance software implementations of standards-track post-quantum cryptography algorithms (https://github.com/pq-code-package)
OpenSSF discusses the use of cryptographic algorithms in their "Secure Software Development Fundamentals" course, including recommendations on how to properly use post-quantum cryptography (https://training.linuxfoundation.org/training/developing-secure-software-lfd121/)