PyData Amsterdam 2024

Counting down for CRA - updates and expectations
09-19, 10:35–11:10 (Europe/Amsterdam), Mondriaan

The EU Commission is likely to vote on the Cyber Resilience Act (CRA) later this year. The CRA is an ambitious step towards protecting consumers from software security issues by creating a new list of responsibilities for software developers and providers. The Act also creates a new category of actor known as an “Open Source Steward”, which we think makes important allowances for public open source repositories like CPython and the Python Package Index (PyPI). Once the dust settles, everyone who makes software will need to consider the CRA’s mandates in their security roadmaps.

In this talk we will look at the timeline for the new legislation, any critical discussions happening around implementation and most importantly, the new responsibilities outlined by the CRA. We’ll also discuss what the PSF is doing for CPython and for PyPI and what each of us in the Python ecosystem might want to do to get ready for a new era of increased certainty – and liability – around security.

Target audience

Developers and maintainers whose project or product may be affected by the CRA. European legislation won’t just affect the European market; it will affect the software industry and the open source community globally, as it is very hard to segregate one project or product from the EU market. So, this is for everyone in the Python community who shares their code with the world.

Goal

To educate the general public about the CRA: how it can affect us and how to get ready for it. We also want to provide more information for the Python community about what has been done by the PSF regarding the CRA, to reassure them that the Python community is aware of the CRA and getting prepared for it.


  • Introduction
  • What is CRA
  • Highlight of the CRA text as of now
  • How we may be affected
  • Getting ready
  • What has PSF done for cyber security
  • What has PSF done for CRA specifically
  • What is PSF planning to do to support the community
  • Call for action
  • How to be prepared as an individual
  • How to be prepared if you are maintaining a project
  • How to support PSF to be ready for CRA

Cheuk has been a Data Scientist in various companies, a role which demands high numerical and programming skills, especially in Python. To follow her passion for the tech community, Cheuk has been a Developer Advocate for 3 years. Cheuk also contributes to multiple Open Source libraries like Hypothesis, Pytest, Pandas, Polars, PyO3, Jupyter Notebook and Django. Cheuk is now a consultant and trainer at CMD Limes.

Besides her work, Cheuk enjoys talking about Python on personal streaming platforms and podcasts. Cheuk has also been a speaker at universities and various conferences, and organises tech events. Conferences that Cheuk has organized include EuroPython, PyData London and Pyjamas Conf. Believing in Tech Diversity and Inclusion, Cheuk co-founded Humble Data workshops and helps organise mentored sprints for underrepresented groups.

Cheuk also loves serving the community that she is in. In 2021 and 2022 Cheuk served as a board member of the EuroPython Society. Cheuk is currently a Python Software Foundation fellow (since 2021) and director (since 2023).
