Help us improve the EU Cyber Resilience Act Standards!
As the deadline for the application of the CRA draws closer, the OSI is happy to announce the beginning of an Open consultation on many of the vertical standards.
cra
State of the Source at ATO 2025: Cybersecurity
The OSI hosted the State of the Source Track at ATO. Katie Steen-James, Jeremy Stanley, Barry Peddycord III, and Bob Callaway led the panel Policy Cybersecurity, with updates on SBOMs, the Cyber Resilience Act, and what developers need to know.
Investing in Open Source sustainability: OSI supports OpenForum Europe’s EU Sovereign Tech Fund proposal
The OSI has endorsed a proposal from Open Forum Europe to create an EU Sovereign Tech Fund to support maintenance and development of key Open Source software projects.
OSI at the Open Source Founders Summit: supporting entrepreneurs to build a business with Open Source
Open Source Founders Summit (#05F525), held May 19–20 in Paris, brought together a vibrant community of Open Source entrepreneurs, builders, and advocates for two days of deep, engaging conversations about what it takes to create sustainable, successful Open Source companies.
Standards and the presumption of conformity
Access to the law includes access to the harmonized standards it predicates. But is it right that those standards can include royalty-due patents (SEPs)?
Improving Open Source security with the new GitHub Secure Open Source Fund
Launched with a $1.25 million commitment from partners, the GitHub Secure Open Source Fund is designed to address a critical issue: the often-overlooked necessity of security for widely-used Open Source projects.
CRA standards request draft published
The European Commission recently published a public draft of the standards request associated with the Cyber Resilience Act (CRA). For those who depend on incorporating or creating Open Source software, there is an encouraging new development found here. For the first time in a European standards request, there is an express requirement to respect the needs of Open Source developers and users.
Openly Shared: CRA’s Open goes beyond the OSD
The definition of “open source” in the most recent version (article 2(48)) of the Cyber Resilience Act (CRA) goes beyond the Open Source Definition (OSD) managed by OSI.
The European regulators listened to the Open Source communities!
Open Source communities defended developers and foundations against risks posed by the CRA to Open Source development, and their voices were heard. Workshops being offered at FOSDEM offer a chance for others to participate moving forward.
Diverse Open Source uses highlight need for precision in Cyber Resilience Act
The final legislative phase of the Cyber Resilience Act (CRA) is starting and the drafts still have issues arising from framing by the Commission or Parliament. Read OSI’s recommendations to frame the trialogue.
OSI calls for revision of disclosure rules in CRA
OSI is a co-signatory of an open letter sent this week to the European Parliament by European Digital Rights (EDRi) expressing concern that the Cyber Resilience Act (CRA) draft currently under consideration still includes mandatory requirements for vulnerability disclosure that violate best practices in Open Source software collaborations and are likely to actually undermine the security of digital products and the individuals who use them.
Another issue with the Cyber Resilience Act: European standards bodies are inaccessible to Open Source projects
Europe’s standards bodies have no functional relationships with Open Source charities and do not consult them.