Cyber Resilience Act
KubeCon + CloudNativeCon Europe 2026 Co-located Event Deep Dive: Open Source SecurityCon
Open Source SecurityCon (evolved from Cloud Native SecurityCon) returns for its second event, co-located with KubeCon + CloudNativeCon Europe 2026. The conference advances innovation and collaboration across open source software security and cloud native security. It brings together creators, maintainers, operators, and consumers who are actively involved in securing the software ecosystem.
First Steps Towards Cyber Resilience Act Conformity: Biking the CRA with Balena at FOSDEM 2026
Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.”
Preserving Open Source Sustainability While Advancing Cybersecurity Compliance
The Cyber Resilience Act (CRA) represents a significant evolution in the European Union’s approach to product cybersecurity and software supply chain risk. Article 25 explicitly recognizes the unique role of free and open source software (FOSS) and seeks to facilitate compliance for manufacturers by enabling voluntary security attestation programmes for FOSS.
SBOMs in the Era of the CRA: Toward a Unified and Actionable Framework
By Madalin Neag, Kate Stewart, and David A. Wheeler. In our previous blog post, we explored how the Software Bill of Materials (SBOM) should not be a static artifact created...
OpenSSF Newsletter – September 2025
Welcome to the September 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. TL;DR: 🎉...
Open Source Friday with OpenSSF – Global Cyber Policy Working Group
On August 15, 2025, GitHub’s Open Source Friday series spotlighted the Open Source Security Foundation (OpenSSF) in a live interview hosted by Kevin Crosby. Open Source Friday is GitHub’s weekly program that celebrates the creators, maintainers, and contributors who make the open source community thrive. The session introduced the OpenSSF Global Cyber Policy Working Group…
🎉 Celebrating Five Years of OpenSSF: A Journey Through Open Source Security
August 2025 marks five years since the official formation of the Open Source Security Foundation (OpenSSF). Born out of a critical need to secure the software supply chains and open...
New: Cyber Resilience Act (CRA) Brief Guide for OSS Developers
Specialized software, such as software in medical devices, has been regulated for years. But laws on specialized software affected very few developers. The European Union (EU) Cyber Resilience Act (CRA) is fundamentally different.