Global Cyber Policy
First Steps Towards Cyber Resilience Act Conformity: Biking the CRA with Balena at FOSDEM 2026
Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.”
EU Cyber Resilience Act (CRA) in Practice @ FOSDEM 2026: From Awareness to Action
Over the past few years, the free and open source (FOSS) community has engaged deeply with the CRA, highlighting its significance and potential impact.
Preserving Open Source Sustainability While Advancing Cybersecurity Compliance
The Cyber Resilience Act (CRA) represents a significant evolution in the European Union’s approach to product cybersecurity and software supply chain risk. Article 25 explicitly recognizes the unique role of free and open source software (FOSS) and seeks to facilitate compliance for manufacturers by enabling voluntary security attestation programmes for FOSS.
CRA Implementation Resources from the European Commission
The European Commission has released an information website on CRA implementation: https://digital-strategy.ec.europa.eu/en/factpages/cyber-resilience-act-implementation
The Commission has also published the first version of the FAQ: https://ec.europa.eu/newsroom/dae/redirection/document/122331
SBOMs in the Era of the CRA: Toward a Unified and Actionable Framework
By Madalin Neag, Kate Stewart, and David A. Wheeler
In our previous blog post, we explored how the Software Bill of Materials (SBOM) should not be a static artifact created...
From Ghent to Brussels: OpenSSF’s Week of Policy and Security in Europe
At the end of October, the Linux Foundation, the Linux Foundation Europe and OpenSSF will gather leaders across industry, government, and open source communities for three impactful events in Belgium. Together, these back-to-back gatherings will advance collaboration, shape policy, and highlight the critical role of open source in Europe’s digital future.
Open Source Friday with OpenSSF – Global Cyber Policy Working Group
On August 15, 2025, GitHub’s Open Source Friday series spotlighted the Open Source Security Foundation (OpenSSF) in a live interview hosted by Kevin Crosby. Open Source Friday is GitHub’s weekly program that celebrates the creators, maintainers, and contributors who make the open source community thrive. The session introduced the OpenSSF Global Cyber Policy Working Group…