Cyber-Security
Cybersecurity regulation refers to legal measures and guidelines designed to protect networks, devices, programs, and data from digital attacks, theft, damage, or unauthorized access. These regulations impose standards, procedures, and responsibilities on individuals, organizations, and governments to ensure the confidentiality, integrity, and availability of digital information and systems.
A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access (stealing intellectual property or confidential information) and control system attacks. - Cyber-security Regulation, Wikipedia
Note: This is an area of active current development.
See: the detailed Wikipedia article on Cyber-security regulation
Intersection With Open Source
Controls
Arguably, the controls applied when contributing to open source should be no different from those applied when ingesting it. It is also worth pointing out that firms need to remain vigilant even when consuming their own open source software, applying the same level of care to it as they do to third-party code.
See Also:
Relevant Regulation
EU Examples
DORA: The EU Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554) includes measures to ensure that financial entities have secure and resilient software supply chains. This includes requirements for ICT risk management, digital operational resilience testing, ICT-related incident reporting, and management of ICT third-party risk.
The Cyber Resilience Act (CRA) is a regulation proposed by the European Commission (since adopted as Regulation (EU) 2024/2847) which lays down common cybersecurity requirements for hardware and software products with digital elements placed on the EU market, including security-by-design, vulnerability handling and reporting obligations for manufacturers; it also introduces a lighter "open-source software steward" role for organisations that support open source development.
US Examples
Various laws at state and federal level.
Proposed amendments to the Gramm-Leach-Bliley Act (GLBA) to require disclosure of security breaches by financial institutions.
The Cybersecurity Maturity Model Certification (CMMC): A certification framework, based largely on NIST SP 800-171, that Department of Defense (DoD) contractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) must meet to protect that data.
The Federal Information Security Modernization Act (FISMA): Originally enacted in 2002 and updated in 2014, this law governs the security of federal agencies' information systems.