Cyber Resilience Act #503

Open
plehegar opened this issue Apr 14, 2025 · 5 comments

@plehegar
Member

plehegar commented Apr 14, 2025

Describe the problem you think needs solving

The Cyber Resilience Act enhances cybersecurity standards of products that contain a digital component, requiring manufacturers and retailers to ensure cybersecurity throughout the lifecycle of their products.
The Cyber Resilience Act entered into force on 10 December 2024. The main obligations introduced by the Act will apply from 11 December 2027.

W3C needs to figure out how this will affect us.

cc @rigow

@rigow

rigow commented Apr 14, 2025

The permanent link to the CRA is in Eur-Lex. The main issue is dealing with open source stewards according to Art. 24 of the CRA. We also need to find out whether the making of common technical specifications is affected. This touches on the security-by-design paradigm.

@rigow

rigow commented Apr 22, 2025

Presentation: https://www.w3.org/2025/04/CRA-Strat-Presentation.pdf

Discussion of the topic in Strat-Call 2025-04-22.

@plehegar
Member Author

3 dimensions to look at:

  1. Security by design: improving our security and privacy considerations with a risk-based approach (threat modelling).
  2. Security updates and vulnerability handling: have SING take over "W3C Security Disclosures Best Practices", add security issues handling to it, and publish as a Group Note.
  3. Cooperation with ESOs on assessment criteria for browsers as well as mobile web applications.

@simoneonofri

Added a reflection here: #503 (comment)

@plehegar
Member Author

plehegar commented May 7, 2025

SWAG is looking at this.

Projects
Status: Investigation