BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.embedded-recipes.org//er2026//speaker//JM37W8
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-er2026-CUMR8D@cfp.embedded-recipes.org
DTSTART;TZID=CET:20260527T094500
DTEND;TZID=CET:20260527T102500
DESCRIPTION:The EU Cyber Resilience Act introduces new obligations across t
 he software supply chain\, for both manufacturers and for the new category
  of open source stewards. We've been thinking about what this means for th
 e Yocto Project - what are our obligations? And what can we do to help our
  users meet their obligations as manufacturers?\n\nFor manufacturers\, the
  CRA requires the avoidance of known exploitable security issues\, trackin
 g of software components & vulnerabilities\, reporting to relevant Compute
 r Security Incident Response Teams (CSIRTs) and provision of software upda
 tes for the useful lifetime of products. Today\, the Yocto Project provide
 s a repeatable build process and tooling that will help manufacturers to m
 eet these requirements. With further development\, we could make it easier
  to achieve the required level of security and vulnerability tracking.\n\n
 For the Yocto Project itself\, the requirements on open source stewards ar
 e more lightweight. We will need to align the project's cybersecurity poli
 cy with the CRA and be prepared to share information with market surveilla
 nce authorities if requested.
DTSTAMP:20260406T234720Z
LOCATION:Auditorium
SUMMARY:Yocto Project and the Cyber Resilience Act - Paul Barker
URL:https://cfp.embedded-recipes.org/er2026/talk/CUMR8D/
END:VEVENT
END:VCALENDAR