ORC Monthly: Countdown to OCX

With OCX 2026 just weeks away, we’re looking forward to bringing the ORC community together in Brussels for an important milestone, the first-ever Open Community for Compliance track at OCX. This dedicated track reflects the growing importance of our work, offering a space for developers, policymakers, and industry leaders to exchange practical insights on topics like the Cyber Resilience Act, secure development, and open source compliance. If you’ve been following or contributing to ORC, this is a unique opportunity to connect in person and help shape what comes next. If you haven’t yet registered, we strongly encourage you to do so and be part of our first time at OCX.

Timo Perala and Dirk-Willem van Gulik
ORC co-chairs

What’s New

• CRA Training Session at OCX 2026
  Are you ready for the CRA? Learn how the EU regulation will affect open source in this hands-on workshop designed to help you understand the practical implications of the Cyber Resilience Act. Included with your OCX registration, this session is a great opportunity to build readiness and ask questions directly with experts. Learn more and plan your participation.
• Call for Speakers: CRA Mondays
  We’re looking for new speakers to join our upcoming CRA Mondays sessions. This is a great opportunity to share your experience, discuss challenges, showcase tools, or explore topics related to the Cyber Resilience Act with a highly engaged ORC community. The series has seen strong momentum over the past few months, and we’re excited to continue building a diverse lineup of talks. If you’re interested in presenting or would like to recommend a speaker, please reach out to Shanda.
• ORC at Embedded World 2026
  ORC returned to Embedded World for a second year, with noticeably increased awareness of the Cyber Resilience Act across the embedded systems community. We had many valuable conversations with organisations looking to better understand CRA requirements, and shared community-driven resources such as the CRA FAQ to support their journey.

Blog you might have missed

• Regulators Are Moving On SBOMs — But Is Your Compliance Program Keeping Pace?
• Coordinating Open Source Feedback on the CRA Draft Guidance
• Attestations in Progress

Overheard

Upcoming Events

• Nordic Software Security Summit | 8-10 April 2026
• Open Community Experience (OCX) 2026 | 21-23 April 2026
• foss-north 2026 | 27-28 April 2026
• CRA Monday: Using the CRA to Understand Systems in Practice | 11 May 2026

Recent Talks & Events

• Lessons from Log4Shell: building a CRA-ready Log4j
• Software Hash Identifier introduction and applications to in-development standards

How to Participate

• Learn
• Contribute
• Join the Working Group