Last call to register for our webinar on "The security project for QGIS" this Thursday 19th at 5 PM (Paris time) !
https://framaforms.org/webinar-security-project-for-qgis-1747206395
If you are in the #Geospatial domain, and care about #cybersecurity, do not hesitate to attend to know more !
You can also check the official project website : https://security.qgis.oslandia.com
@jmaris from the #OSI #EU policy team is present in Berlin today at the meeting of European Standardisation organisations on the #CyberResilienceAct.
Our aim is simple: make sure standards around the #CRA are written with the #OpenSource community in mind!
[JM]
Really glad to see the #OSI's efforts highlighted here.
I worked as a Parliament staffer during negotiations on the #CyberResilienceAct, and can say with confidence that if it weren't for OSI, it's educational work, and its efforts to connect lawmakers with Open Source developers, the CRA would have been extremely harmful for the #OpenSource community.
Are you a steward? A manufacturer? Or... neither?
The #CRA draws new legal lines for open source software—especially around who’s responsible for what.
Get the clarity you need in this must-read blog from Mike Bursell, Co-chair, OpenSSF Cyber Policy Working Group.
Read the blog : https://openssf.org/blog/2025/06/02/oss-and-the-cra-am-i-a-manufacturer-or-a-steward/
"The Open Source Security FoundationBest Practices badge is a way for Free/Libre and Open Source Software projects to show that they follow best practices.
Projects can voluntarily self-certify, at no cost […] to explain how they follow each best practice."
#FLOSS #opensource #security #OpenSSF #NIS2 #CyberResilienceAct
To implement best practices and strong guidelines, and also to be compliant with CRA and NIS2, it is more and more mandatory to have an SBOM for its software project.
So, freshly integrated open source tools which can generate an SBOM file in different formats (like CycloneDX or SPDX), and process this file to check if there are know vulnerabilities.
"What the EU’s new software legislation means for developers" - blog publication of @senficon on GitHub
https://github.blog/open-source/maintainers/what-the-eus-new-software-legislation-means-for-developers/
"Be ready to integrate the Cyber Resilience Act into your Open Source practice", the Cyber Resilience Act Compliance Guide for Open Source Industry Players, by @Inno_3 for CNLL
#opensource #security #CRA #CyberResilienceAct
https://cnll.fr/documents/98/CNLL_inno3_Guide-CRA_english1.0.pdf
The EU's Cyber Resilience Act (#CRA) is different from previous compliance requirements. For the first time, full supply chain compliance will be required for all products with digital elements sold in the European market.
If you manufacture, maintain, or steward #opensource software and are unclear about how the CRA might impact you, check out the #ORCWG's GitHub for discussions! https://github.com/orcwg/cra-hub
Conf de @mrybczyn sur le Cyber Resilience Act.
La liste des produits concernés et leurs classes : https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02024R2847-20241120&qid=1748165613784#anx_III
Le guide du CNLL : https://linuxfr.org/news/guide-cnll-inno-sur-le-cyber-resilience-act-etes-vous-prets-pour-les-echeances-de-2026-et-2027
(dans les slides, page 10 il y a un schéma qui explique dans quels cas un produit open source est concerné)
Conférence sur le #CyberResilienceAct, un autre vaste sujet pour « tout produit comportant des éléments numériques » mis sur le marché européen.
#jdll #jdll2025
Join us for “The #CyberResilienceAct and Open Source: What Maintainers Really Need to Know” on 27 May!
Key questions this panel will address:
Does the #CRA apply to my open source project? What's the difference between a "manufacturer," "steward," and regular contributor? How should maintainers respond to compliance requests from companies?
And more!
https://maintainermonth.github.com/schedule/2025-05-27-CRA
On May 27th at 18h CEST, I’ll participate on a (streamed) panel on the #CyberResilienceAct for maintainers of Free and Open Source Software, with @ag_dubs, @bagder and moderators @tobie and @senficon.
Info at https://maintainermonth.github.com/schedule/2025-05-27-CRA
Don’t miss out on the chance to learn more about how the #opensource community through the #ORCWG is responding to the challenges posed by the EU's Cyber Resilience Act (#CRA).
Register to attend this webinar, taking place on 28 April! https://www.crowdcast.io/c/orc-28042025
Blog post: 'Cyber Resilience Act (CRA): What You Need to Know' 
The EU's Cyber Resilience Act is reshaping how we think about software security, with significant implications for anyone building or maintaining digital products in the EU.
In our latest blog post, we unpack what the CRA means, when it will be implemented, who it impacts, and outline the penalties for non-compliance.
→ See how the CRA impacts you: https://www.codethink.co.uk/articles/what-is-cyber-resilience-act-cra/
Free Software and CRA - expert talk and discussion
The #CRAFAQ is a community effort to collect and answer open source related aspects covered by the EU’s Cyber Resilience Act (CRA), especially as it relates to open source.
To take a look at the #CRAFAQ so far or to join the task force working on this, visit: https://github.com/orcwg/cra-hub/blob/main/faq.md
The #CyberResilienceAct is here and it's a game-changer for all digital products entering the EU market. Join us on April 18 for an OnRamp session feat. @tobie from @EclipseFdn.
Essential insights for #OSPOs, SMEs, and tech leaders. #CRA #cybersecurity
For all details 
https://mastodon.opencloud.lu/@OSPOAlliance/114273458414631147
If you manufacture software, you likely have questions about the EU’s Cyber Resilience Act (CRA).
Join the discussion at any time and get involved in mapping compliance.
https://github.com/orcwg/cra-hub/issues/125
Next #OSPO OnRamp on April 18!
Topic: The #CyberResilienceAct is here. Now what?
@tobie, Tech Lead ORC WG @EclipseFdn & Principal at UnlockOpen
10:30–12:00 CEST No reg, just join: https://bbb.opencloud.lu/rooms/flo-iof-4xr-orc/join
https://ospo-alliance.org/onramp and https://forum.ospo-alliance.org/t/onramp-session-on-april-18th-about-the-cyber-resilience-act/155
#NAFO 
