DevConf.CZ 2025

Roman Zhukov

Practicing cybersecurity expert, engineer and manager (15+ years), (ISC)2 CC (Certified in Cybersecurity). Currently - Principal Security & Community Architect at Red Hat. Formerly - Head of Product Security & Privacy for Data Center & AI SW at Intel. Roman has broad experience from security architecture & threat modelling to secure development & tooling to vulnerability management & incident response to security education programs for engineers & senior managers. Currently Roman leads industry engagement and several Open-Source security initiatives: Security Champion for Linux Foundation projects, contributor to several working groups under OpenSSF, Eclipse, other foundations. Lecturer at universities and commercial educational centers. Security Advisor and Evangelist. Mentor and consultant for startups.


Company or affiliation

Red Hat

Job title

Principal Security Community Architect


Session

06-12
11:00
35min
How to stay compliant with and take benefits from the EU CRA (Cyber Resilience Act)
Roman Zhukov

The EU Cyber Resilience Act (CRA) aims to safeguard European consumers and at first glance it targets only the EU market. But in fact the entire OSS ecosystem falls under its scope, as the CRA creates mandatory cybersecurity requirements for vendors, distributors, integrators, even enterprise consumers and, in fact, the entire open-source ecosystem by introducing terms like “Manufacturer”, “Steward”, “Individual developer” among others. So, how do you ensure you stay compliant?

I’ll cover what we, as part of the various working and regulatory expert groups, are doing to help the entire open-source community navigate the actual requirements. We’ll explore how these roles are played together by the leading industry players (yes, revealing some non-trivial scenarios) and what best practices and tools can be used right away for your organization or by you as an individual contributor. Finally, let’s discuss how we together should turn CRA into an opportunity to make open-source better for all.

Security and Compliance
E104 (capacity 72)