GitHub, Inc.

GitHub is the world’s largest software development platform, enabling users and businesses to collaboratively develop 200+ million open-source and proprietary software projects.

Lobbying Activity

Response to Cyber Resilience Act

23 Jan 2023

GitHub is the largest code repository and platform for collaborative software development. Home to over 94 million developers, and nearly 14 million in the EU, we are where the world builds software. GitHub welcomes the European Commission's efforts to improve cybersecurity in the single market and, in particular, the Cyber Resilience Act (CRA) proposal. We look forward to supporting the co-legislators as work on the CRA continues. Below we share several recommendations aimed at improving the CRA to help it achieve its aims while reflecting realities of software development practices, particularly for developers in the open source community. Open source software is ubiquitous today, with 97 percent of code bases including open source components. Open source software is often developed on a voluntary basis and individual project maintainers do not always have the same resources or dedicated security teams as the businesses that integrate their code into products. The open source community generates significant benefit for the EU, estimated at between 65 and 95 billion for the single market in 2018 alone, and warrants careful support. A primary challenge in cybersecurity within open source software is timely patching: while the open source community may promptly mitigate a vulnerability, downstream companies shipping products have historically been too slow to apply the fixes. Open source licenses disclaim all warranty, making explicit the expectation that any entity seeking to use or integrate the open source software bears responsibility to ensure its compliance with relevant laws. Entities selling products that integrate freely available open source software should be incentivized to ensure the security of the code they integrate and to maintain that security with timely patches. The CRA proposal takes important steps to achieve this aim, and it is encouraging to read the CRA proposal's Recital 10 that acknowledges the important role played by open source software.
Our recommendations below improve upon this intent.

Meeting with Stig Joergen Gren (Cabinet of Vice-President Andrus Ansip)

17 Oct 2018 · Copyright

Meeting with Manuel Mateo Goyet (Cabinet of Commissioner Mariya Gabriel)

21 Feb 2018 · Copyright