🚨 The EU just made SBOMs mandatory for all software products!
Our guide breaks down the Cyber Resilience Act requirements and provides a roadmap to compliance before the 2027 deadline.
Don't wait—start building your SBOM strategy today.
What did Log4Shell teach us about securing open source?
Join the ORC WG on Monday to explore the lessons from Log4Shell and what a CRA-ready Log4j looks like.
📆 March 16 at 12 pm EDT
➕ Add to your calendar: https://buff.ly/GZ8m6Gv
EU cybersecurity requirements force the embedded systems industry to change
The Cyber Resilience Act (CRA) requires changes to industrial computers, medical electronics, robots and other embedded systems, with side effects.
📄 Open formats win: Following criticism from the Document Foundation, the EU Commission now also provides the feedback form for the CRA consultation in the open ODS format.
An important step for #Interoperabilität and against vendor lock-in! 👏 The quick response from DG CONNECT within 24 hours is a strong signal for #OffeneStandards and #DigitaleSouveränität.
Use the ODS template!
Log4Shell revealed just how deeply open source runs through the global software supply chain—and how hard it can be to respond when a critical dependency fails.
Join the ORC WG for the next #CRAMondays to explore the lessons from Log4Shell and what it takes to build a CRA-ready Log4j.
📆 March 16 at 12 pm EDT
➕ Add to your calendar: https://bit.ly/3PuQozy
🚀 March Newsletter 🚀
Our March newsletter brings you the energy of 22 I Love Free Software Day ❤️ celebrations across Europe, the Norwegian release of Ada & Zangemann, updates on the #CRA and #RouterFreedom and two fresh Software Freedom Podcast episodes.
LibreOffice criticizes EU Commission over proprietary XLSX formats
The Document Foundation criticizes the EU Commission for exclusively using Microsoft's XLSX format in the Cyber Resilience Act consultation.
#CRA #DigitaleSouveränität #DocumentFoundation #EU #IT #LibreOffice #Netzpolitik #ODF #OpenSource #news
The EC is working on more detailed guidance about how the CRA will work in practice. After lots of input from many of our open source colleagues, they have issued a draft. There are substantial improvements to the guidance around open source.
The EC has opened a 4-week public comment period on this new document; it would be a good time to read it and comment, if you haven't.
The European Commission has published its draft guidance on the #CyberResilienceAct #CRA, including guidelines on provisions about open-source software and remote data processing solutions. 4 weeks to offer feedback!
I recently presented Deutsche Bahn's ongoing efforts to make its software supply chains more transparent. For the first time, we publicly shared how we set up the internal program, the principles we follow, the overarching architectural blueprint, and the tools we use to create, store, and analyze 80,000+ SBOMs. All of this is to find out, in real time, which of the over 100,000 software components we are using are where and how. [🧵 1/3]
📣 Attention manufacturers, importers and distributors of digital products under the Cyber Resilience Act:
On 19 February we are organising a webinar on the CRA together with the Ministry of Economic Affairs.
➡️ Learn more about complying with the cybersecurity requirements that apply from 11 December 2027, and about the obligation from 11 September 2026 to report incidents and exploited vulnerabilities to the @NCSC_NL
Sign up soon! 👉🏾 https://www.rdi.nl/over-ons/evenementen/webinar-naleving-cra-2026
The talk "Effective Standard-setting" by @tobie was a personal highlight right at the end of #fosdem. As someone pretty new to web standards I really need all perspectives I can get. #standards #cra.
At #FOSDEM and want to learn how a large organization such as #DeutscheBahn is getting ready for the #CRA by making its software supply chain transparent with #SBOM?
Join my talk today (15:05) on the strategy we've set up: https://fosdem.org/2026/schedule/event/ZSWH3N-deutsche-bahn-supply-chain-cra-strategy/
...and tomorrow (12:00) with an emphasis on the tooling we're using: https://fosdem.org/2026/schedule/event/7EYTRJ-deutsche-bahn-large-scale-sbom-approach/
I offer facts and diagrams. I seek questions and feedback.
It’s event madness for Codethink over the next few days! From the 29th January to 1st February we will be presenting at the below events.
Code & Compliance 2026
EU Open Source Policy Summit
FOSDEM 2026
Visit our event page to learn more! https://www.codethink.co.uk/events.html
It's been nearly a full year since the Cyber Resilience Act (CRA) came into force. The Act's primary obligations come into effect in 2027. Is your business prepared?
Read our article 'Cyber Resilience Act (CRA): What you need to know' to ensure your business is up to speed on the upcoming requirements.
https://www.codethink.co.uk/articles/what-is-cyber-resilience-act-cra/
A range of papers will soon be out (preprint or otherwise): AI as medical diagnosis tools (more than one paper), other AI papers, client-side scanning paper, legal philosophy paper, new CRA and AI Act analysis papers, supply chain security followup, a cybercrime paper (finally), anything else half finished etc. #academia #law #research #cybersecurity #security #safety #EUlaw #gblaw #uklaw #internationallaw #interdisciplinary #cybercrime #resilience #cra #aiact
tl;dr – Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Rust Foundation, and Eclipse Foundation have jointly announced their intention to collaborate on the establishment of common specifications for secure software development based on existing open source best practices. https://eclipse-foundation.blog/2024/04/02/open-source-community-cra-compliance/ #opensource #cra #cybersecurity @python @rust @EclipseFdn @opensslannounce @Blender
Our latest #podcast episode delves deep into the EU Cyber Resiliency Act (#CRA). Our guests @mmilinkov, @mirkoboehm, and @ygriega talk about how it evolved from a potential disruption of #OpenSource to a pro-consumer regulation in software. #OpenSource @linuxfoundation @EclipseFdn
Listen Here - https://podcast.opensap.info/open-source-way/2024/04/04/eu-cyber-resilience-act-cra/.
New talk (FOSS Backstage 2024): EU cybersecurity regulation and Open Source governance
The EU Cyber Resilience Act (#CRA) sets standards for how software should be designed, developed and distributed with security in mind. Any regulation of how software is developed also affects #FOSS. How do individual developers and communities adapt to the new regulatory environment?
https://www.creative-destruction.org/talk/2024-03-foss-backstage/
Shipping major software without known exploits is unrealistic.
Or is it?
#opensource #fossback #cra
Live in the EU? #FOSS developer or contributor? The #CyberResilienceAct might impact what you do.
Join #Joomla, #WordPress, #TYPO3 and #Drupal tomorrow in a first-of-its-kind joint webinar to discuss the #CRA and its implications for open source and CMS projects and communities.
Register here: https://drupalassoc.zoom.us/webinar/register/WN_N1fI-YlVTFSu3fsLkXFPXw#/registration