OpenSSF teams up with Eclipse Foundation to define specifications for the EU’s Cyber Resilience Act


The Open Source Security Foundation (OpenSSF), which is a Linux Foundation project devoted to improving open source software security, has announced a collaboration with the Eclipse Foundation’s Open Regulatory Compliance Working Group to work on the EU’s Cyber Resilience Act.

The Cyber Resilience Act (CRA) establishes security requirements for hardware and software products for sale in the EU.  

Together, the OpenSSF and the Eclipse Foundation will contribute to the development of security standards. Their goal is to come up with standards that are practical and effective and that reflect the latest open source security advancements.

They will work closely with policymakers, industry leaders, and security experts to ensure that the standards and specifications meet real-world needs. 

“The E.U. CRA seeks to fortify cybersecurity across the software supply chain by implementing stringent security measures and compliance standards for software products. Recognizing the critical role of open source software in the global digital infrastructure, the OpenSSF’s participation is poised to influence the creation of robust technically correct security specifications,” OpenSSF wrote in a blog post.