Open Source Summit North America 2025

The EU Cyber Resilience Act (CRA) aims to safeguard European consumers and at first glance it targets only the EU market. But in fact the entire OSS ecosystem falls under its scope, which could be scary not only for Manufacturers or Stewards, but also is seen harmful for Individual Developers. Let’s debunk some of those myths! To preserve CRA’s positive intention, we as a community work hard to make sure its implementation incentivizes contributors to become good Open-Source citizens.

During this session we will explore how CRA impacts all players in the OSS ecosystem and why Maintainers MUST keep going with their brilliant work and shouldn’t be afraid. We will discuss what we at foundations and various expert groups are doing to help the open-source community navigate the actual requirements, as well as what standards and tools are available right now, followed by useful examples. They will include templates, samples, checklists, good practices and ideas how YOU can leverage: open-source tools like Security Scorecard, GUAC, Trustify, Minder, a few others; frameworks like Security Base Line and C2C2F; standards like OpenVEX; collaborations like Global Cyber Policy WG.