Skip to main content

OpenSSF Joins Open Source Consortium To Define E.U. CRA Security Specifications

By May 22, 2024Blog

The Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on improving the security of open source software, is proud to announce its collaboration with the Eclipse Foundation and a leading open source consortium to work on the European Union’s (E.U.) Cyber Resilience Act (CRA). This alliance aims to establish common specifications for software cybersecurity resilience grounded in open source best practices.

The E.U. CRA seeks to fortify cybersecurity across the software supply chain by implementing stringent security measures and compliance standards for software products. Recognizing the critical role of open source software in the global digital infrastructure, the OpenSSF’s participation is poised to influence the creation of robust technically correct security specifications.

By joining forces with the Eclipse Foundation and other prominent open source organizations, the OpenSSF will leverage its leadership in cybersecurity to ensure that the standards developed are practical and effective and reflect the latest advancements in open source security. By participating in this consortium, the OpenSSF hopes to provide the E.U. government with a consistent view representing the state of the art in cybersecurity and advocating for the community’s interest.

The consortium will work closely with policymakers, industry leaders, and security experts to align the specifications with real-world requirements and best practices. This collaborative effort will include workshops, public consultations, and contributions to developing and refining the CRA’s standards.

For more information about the OpenSSF’s involvement and to participate in upcoming discussions, please visit OpenSSF’s official website.

About OpenSSF

The OpenSSF is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF commits to collaborating and working upstream and with existing communities to advance open source security. For more information, please visit us at

About the Eclipse Foundation

The Eclipse Foundation provides our global community of individuals and organisations with a business-friendly environment for open source software collaboration and innovation. We host the Eclipse IDE, Adoptium, Software Defined Vehicle, Jakarta EE, and over 410+ open source projects, including runtimes, tools, specifications, and frameworks for cloud and edge applications, IoT, AI, automotive, systems engineering, open processor designs, and many others. Headquartered in Brussels, Belgium, the Eclipse Foundation is an international non-profit association supported by over 360 members. To learn more, follow us on social media @eclipsefdn, LinkedIn or visit