2026-06-18 –, A112 (capacity 64)
The EU Cyber Resilience Act (CRA) was designed to protect European consumers, but its global implications have left many in the open source community - especially individual contributors and maintainers - feeling confused or even afraid. While most discussions focus on the obligations of Manufacturers or Open Source Stewards, individual contributors are often left asking: "Will I be liable? Should I stop contributing?"
We will start this session with a short presentation, but most of the time will be dedicated to answering your questions (AMA - Ask Me Anything), taking whiteboard and brainstorming on your case studies and the CRA roles that might be applicable to you, your organization, your open source projects or your community. We will focus specifically on SW developers, contributors and maintainers and show that the regulations are manageable. There are no “stupid” questions about the CRA as it’s the most complex and impactful regulation that the open source. We got your back.
Roman is a cybersecurity expert and leader with 17+ years of experience securing complex systems and products. As Principal Architect at Red Hat, he drives open-source security strategy and cross-industry collaboration to build trusted software ecosystems. Formerly, he led Product Security & Privacy for Data Center and AI software at Intel. Roman contributes to global open-source security initiatives and standardization efforts, including the EU Cyber Resilience Act.