EU Cyber Resilience Act

First Steps Towards Cyber Resilience Act Conformity: Biking the CRA with Balena at FOSDEM 2026

Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.”

Blog EU Cyber Resilience Act Global Cyber Policy Guest Blog Community CRA Cyber Resilience Act FOSDEM OpenSSF

Case Study: Defending the Open Source Supply Chain in a New Regulatory Era

Blog Case Studies EU Cyber Resilience Act Compliance CRA Open Source Security Red Hat Supply Chain Integrity

EU Cyber Resilience Act (CRA) in Practice @ FOSDEM 2026: From Awareness to Action

Over the past few years, the free and open source (FOSS) community has engaged deeply with the CRA, highlighting its significance and potential impact.

Blog EU Cyber Resilience Act Guest Blog CRA Cyber Resilience Act (CRA) FOSDEM OpenSSF Public Policy

Preserving Open Source Sustainability While Advancing Cybersecurity Compliance

The Cyber Resilience Act (CRA) represents a significant evolution in the European Union’s approach to product cybersecurity and software supply chain risk. Article 25 explicitly recognizes the unique role of free and open source software (FOSS) and seeks to facilitate compliance for manufacturers by enabling voluntary security attestation programmes for FOSS.

Blog EU Cyber Resilience Act Global Cyber Policy Community CRA Cyber Resilience Act Cybersecurity

CRA Implementation Resources from the European Commission

The European Commission has released an information website on CRA implementation: https://digital-strategy.ec.europa.eu/en/factpages/cyber-resilience-act-implementation The Commission has also published the first version of the FAQ: https://ec.europa.eu/newsroom/dae/redirection/document/122331

EU Cyber Resilience Act

SBOMs in the Era of the CRA: Toward a Unified and Actionable Framework

By Madalin Neag, Kate Stewart, and David A. Wheeler In our previous blog post, we explored how the Software Bill of Materials (SBOM) should not be a static artifact created...

Blog EU Cyber Resilience Act Global Cyber Policy Guest Blog Cyber Resilience Act OpenSSF tools SBOM interoperability Software Supply Chain Security SPDX CycloneDX standards

From Ghent to Brussels: OpenSSF’s Week of Policy and Security in Europe

At the end of October, the Linux Foundation, the Linux Foundation Europe and OpenSSF will gather leaders across industry, government, and open source communities for three impactful events in Belgium. Together, these back-to-back gatherings will advance collaboration, shape policy, and highlight the critical role of open source in Europe’s digital future.

Blog EU Cyber Resilience Act Global Cyber Policy CRA Cybersecurity EU Events OpenSSF Community Public Policy

What’s in the SOSS? Podcast #36 – S2E13 From Compliance to Community: Meeting CRA Requirements Together

EU Cyber Resilience Act Podcast Alpha-Omega CRA Erlang Open Source Security OpenSSF

New: Cyber Resilience Act (CRA) Brief Guide for OSS Developers

Specialized software, such as software in medical devices, has been regulated for years. But laws on specialized software affected very few developers. The European Union (EU) Cyber Resilience Act (CRA) is fundamentally different.

Blog EU Cyber Resilience Act Global Cyber Policy CRA Cyber Resilience Act Cybersecurity education Linux Foundation Open Source Open Source Security

OSS and the CRA: am I a Manufacturer or a Steward?

The European Union’s Cyber Resilience Act (CRA) is a piece of legislation that covers all countries within the EU and the EEA and entered into force on 10th December 2024. It covers many types of devices and applications that are either sold or otherwise made commercially available on the European market and the intention behind…

Blog EU Cyber Resilience Act Global Cyber Policy CRA Cyber Resilience Act OpenSSF Public Policy