The German Federal Office for Information Security clearly states that it is good security practice to update software as soon as possible when there are new fixes published by the software manufacturer. Similarly, the Cyber Resilience Act in section 56 states: “One of the most important measures for users to take in order to protect their products with digital elements from cyberattacks is to install the latest available security updates as soon as possible.”

I recently participated in discussions at Open Forum Europe’s EU Open Source Policy Summit, FOSDEM and Open UK’s State of Open conference. All of these discussions touched on how governments and open source vendors need to work together and, specifically, how public sector organisations can help fund open source development.