Thanks for your post & your counter 😆

I'm curious: you characterize the EU #CRA as requiring #SBOM's *specifically*. I know the License Compliance Industrial Complex wants it to be true, but I researched this issue for my #FOSDEM 2025 talk…
fosdem.org/2025/schedule/event…
… & IIUC CRA *doesn't* specify SBOMs specifically.
IMO, if the vendor gives the customer complete, Corresponding Source & a 100% @reproducible_builds they've complied with CRA. No one has shown me anything that disproves that.

FOSDEM 2025 - Is There Really an SBOM Mandate?

^fosdem.org

Oh wow! Could you tell them you're happy to answer their questions in return for a 100k donation?

(NB: We warned EU lawmakers when they drafted the #CRA that this might happen but they were mostly doing 🙈🙉🙊)

Cybersecurity Risk Assessment Request

daniel.haxx.se/blog/2025/07/11…

#curl #CRA

Cybersecurity Risk Assessment Request

With the new EU legislation Cyber Resiliency Act (CRA), there are new responsibilities and requirements put on manufacturers of digital products and services in Europe.

^{daniel.haxx.se}

That was the #CRA panel w/ @bagder @tobie @senficon

The audience questions were pretty good, I hope our answers were useful to someone.

There’s a recording here m.youtube.com/watch?v=DLxZdU8k…

Otherwise, head over to the orcwg.org FAQ to contribute/ask or wait for the @EUCommission to publish their guidance, which I’ll surely post about once it is published.

The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know

Many open source maintainers are concerned about their obligations under the EU Cyber Resilience Act. This webinar, organized by the Eclipse Foundation’s Ope...

^YouTube

The coming EU Cyber Resilience Act will affect all Open Source projects. The Eclipse Foundation has created the Open Regulatory Compliance working group together with a list of other Open Source organisations to jointly develop best current practises and have a continuous dialog with regulatory bodies.

Mikael Barbero will present this important workgroup at the NSSS24!

Register today for the conference - nsss.se

@EclipseFdn @owasp @openssf
#EUCRA #CRA #OPENSOURCE

A near-final draft of the #CRA #standards request has been published by the @EU_Commission and it includes a very encouraging requirement that the standards organisations consult with the #OpenSource community - and prove they've done so.

the.webm.ink/cra-standards-req…

CRA Standards Request Draft Published

The European Commission recently published a public draft of the standards request associated with the Cyber Resilience Act (CRA). Anyone...

^{Webmink In Draft}

[swe] EU Cyber Resilience Act är på gång och vi har fått tillgång till den nya versionen efter förra årets förhandlingar mellan komissionen, parlamentet och rådet. På torsdag kör vi Dataföreningen ett gratis lunchseminarie där vi diskuterar CRA - senaste uppdateringarna, vad säger Open Source-grupperna och vad gäller för tillverkare av digitala produkter?

Registrera dig här:

dfs.se/pa_gang/prata-eu-cyber-…

#CRA #EUCRA #CYBERSECURITY

I'm still concerned but the Python Software Foundation's post about the #EU's Cyber Resilience Act (#CRA) makes me optimistic that it could work for #FreeSoftware. I do agree with the core idea that #commercial #software companies should be held more accountable than they currently are. The key is getting it just right so that anyone can write whatever free software they feel like writing, and share it on the internet, without having to get a lawyer first.

pyfound.blogspot.com/2024/01/C…

EU’s Cyber Resilience Act Passes with Wins for Open Source

Back in April, we wrote to the community about our concerns for the future of the open source ecosystem generally and CPython and PyPI spec...

^{Python Software Foundation Blog}