October 14 2025
Building an Understanding of Voluntary Security Attestations and Their Role in Sustaining Open Source Communities
What Are Voluntary Security Attestations? In the context of the EU’s Cyber Resilience Act, Article 25, these could be documents that describe the security practices, processes, attributes, or assurances associated with an open source project. They could be publicly shared, perhaps in a code …October 9 2025
Preparing Manufacturers for the CRA at Code & Compliance
The Cyber Resilience Act (CRA) is reshaping how manufacturers approach software security and compliance. With key deadlines fast approaching, it’s crucial to understand what’s required and how to get there efficiently and collaboratively. That’s exactly what Code & Compliance Community Day is …October 6 2025
ORC Monthly: FAQ Momentum, Code & Compliance, and EU Consultations
As we move into autumn, the momentum in our community continues to build. A particular highlight is the upcoming Code & Compliance Community Day 2025, taking place 22–23 October. The program is shaping up beautifully, with speakers being announced daily. This is your opportunity to connect with …October 3 2025
Why Do You Trust Software? | CRA Mondays
In this edition of CRA Mondays, we welcomed John Ellis, President and Head of Product at CodeThink, to discuss the trustworthiness of software in the context of the Cyber Resilience Act (CRA). With extensive experience leading high-performance software projects across industries like automotive, …September 12 2025
How to Start Contributing to ORC Deliverables
Contributing to the Open Regulatory Compliance (ORC) Working Group is one of the most effective ways to help shape how the Cyber Resilience Act (CRA) impacts the open source ecosystem. If you’re new to the group or simply wondering where to begin, the best starting point is our deliverables plan. …September 10 2025
ORC Working Group Welcomes our 20th Foundation Member
The Open Regulatory Compliance (ORC) Working Group is built on the power of collaboration, and today, we celebrate an exciting milestone—surpassing 20 foundation members! This achievement is a testament to the strength of our community, uniting industry leaders, open source foundations and …September 10 2025
Unlocking Software Supply Chain Security: Updates from Ecma TC54 and OWASP | CRA Mondays
This post is part of our CRA Mondays series. It captures a recent session featuring Samina Husain (Ecma International), Steve Spring (Chair of Ecma TC54), and Philippe Ombredanne (AboutCode), exploring the ongoing work in Ecma’s TC54 committee and its alignment with the EU’s Cyber Resilience Act …August 27 2025
ORC Monthly: Recent press release, white paper on Open Source Stewards and the CRA and Code & Compliance
As summer winds down, ORC is gearing up for a busy event season. From global security summits to community-driven gatherings, this fall will be packed with opportunities to connect, share knowledge, and advance the conversation around the Cyber Resilience Act and upcoming regulations. One event you …August 25 2025
The OCCTET Project: Tooling for CRA Compliance with Sébastien Heurtematte | CRA Mondays
This post is part of our CRA Mondays series. It captures a session originally hosted earlier this year with Sébastien Heurtematte, coordinator of the OCCTET project. While the discussion took place several months ago, the insights remain highly relevant as CRA implementation continues to evolve. …August 14 2025
How to stop worrying and love the NLF with Fukami | CRA Mondays
This post is part of our CRA Mondays series. It captures a session originally hosted earlier this year with Fukami, EU Policy Advisor at the OpenSSF. While the discussion took place several months ago, the insights remain highly relevant as CRA implementation continues to evolve. CRA Mondays are a …August 13 2025
Code & Compliance Community Day 2025: What to Expect in Brussels
Here’s a preview of the topics and sessions shaping Code & Compliance Community Day 2025, taking place October 22–23, 2025 in Brussels. This event brings together open source maintainers, compliance leads, manufacturers, and institutional stakeholders to reflect on the Cyber Resilience Act’s …July 30 2025
ORC Monthly: Regulatory Submissions and Code & Compliance Community Day
As we dive into the summer months, we’re combining our June and July updates into a single post, because June was packed. In June alone, we contributed to the EU’s draft guidance on open source hardware, submitted detailed comments on the CEN/CENELEC PT 1 Standard, and provided feedback on the …July 15 2025
Save the Date: Code and Compliance Community Day 2025
We’re excited to announce Code and Compliance Community Day 2025, a two-part event taking place October 22–23, 2025, in Brussels, Belgium. This new event builds on the momentum of recent community gatherings and ongoing collaboration around open source and regulatory compliance. Designed to support …June 20 2025
Maintainer Month Recap: What the CRA Means for You
Last month we teamed up with GitHub to host “The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know.” The one-hour panel zeroed in on the top worries we hear from open source project maintainers and contributors. Below is a recap—and, more importantly, where you’ll find the …June 4 2025
ORC Monthly: Deliverables Plan in Motion, New Task Force Forming and CRA Maintainers Recap
We’re pleased to share that we’ve moved from planning to execution. The Cyber Resilience SIG’s deliverables plan has been expanded with clear, actionable projects, which will each be supported by a dedicated task force. This marks a significant milestone in our collective efforts to operationalise …May 26 2025
Maintainer Month Speaker Spotlight: Felix Reda
As part of Maintainer Month—a time to recognize and support the open source maintainers who keep our digital infrastructure running—Open Regulatory Compliance (ORC) is hosting a special panel on 27 May. Among the featured speakers is Felix Reda, who will share insights in the session titled, “The …May 22 2025
Maintainer Month Speaker Spotlight: Maarten Aertsen
In honour of Maintainer Month, Open Regulatory Compliance (ORC) will host a panel with GitHub on 27 May focused on one of the most pressing topics facing open source maintainers today. Maarten Aertsen is among the expert speakers featured in the discussion, “The Cyber Resilience Act and Open Source: …May 20 2025
Maintainer Month Speaker Spotlight: Daniel Stenberg
On 27 May, Open Regulatory Compliance (ORC) is hosting a panel in support of GitHub’s Maintainer Month, a month dedicated for open source maintainers to gather, share, and be celebrated. Daniel Stenberg is one of the speakers in the ORC’s panel, “The Cyber Resilience Act and Open Source: What …May 12 2025
Save the Date: ORC Celebrates GitHub Maintainer Month with CRA Panel
On 27 May, Open Regulatory Compliance is hosting a panel, “The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know,” which will be live-streamed by GitHub as part of Maintainer Month. Maintainer Month is a month dedicated for open source maintainers to gather and share helpful …April 30 2025
ORC Monthly: CRA Monday launched, feedback submitted, and deliverables plan expanded
We’re pleased to share that, following active community discussions and collaboration, we have submitted feedback to the European Commission on the Definition of Important and Critical Product Categories. This contribution reflects our collective understanding of how the CRA definitions intersect …March 25 2025
ORC Monthly: Cyber Resilience Spec Project, Deliverables Plan and Feedback for the European Commission
The Cyber Resilience SIG reached a critical milestone by defining a scope of work for 2025. The Cyber Resilience Practices Spec project has also launched, with project proposal and feedback open for review and contribution. The Open Regulatory Compliance WG attended several recent industry events …March 6 2025
Meet Open Regulatory Compliance at Embedded World 2025
Embedded systems are at the heart of modern industry, powering everything from automotive applications to industrial automation. But as software continues to define embedded technologies, new regulations like the Cyber Resilience Act (CRA) are set to reshape how manufacturers and developers approach …February 26 2025
ORC Monthly: CRA Expert Group, Recent Workshops, and More
The Open Regulatory Compliance WG has created new resources on GitHub for those who are just getting started or who want to learn how to contribute. We hosted our first workshop in Brussels, joined the EU Open Source Policy Summit and attended the first CRA Expert Group meeting, had multiple …December 19 2024
The composition of the Cyber Resilience Act (CRA) Expert Group: a key step toward Collaborative Cybersecurity Policy
The European Commission revealed on December 11 the members of its Cyber Resilience Act (CRA) Expert Group, following a public call for applications that ran in October of this year. This diverse group brings together individual experts, industry leaders, Member State agencies, and non-governmental …
ORC Working Group
Cyber Resilience SIG
Our Members
Become a Member
Participation and Membership FAQ
Cyber Resilience Act
Community Calendar
Blog
Videos
Marketing Resources