Several open source foundations join together to establish cybersecurity standards in response to the 0EU CRA

CRA Linux

EU Cyber ​​Resilience Law

In a joint movement, several leading foundations in the world of open source have decided to join forces to address one of the main topics of interest in the EU, and they have come together to establish a joint initiative to establish common specifications that promote cybersecurity and regulatory compliance, especially in response to the European Union's Cyber ​​Resilience Act (CRA).

In response to the growing need for cybersecurity process standards, the Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation, Rust Foundation and Eclipse Foundation come together to address compliance with the Law, As this collaboration is crucial given that the CRA will go into effect in 2027, it is necessary to establish strict standards for cybersecurity and the resilience of digital infrastructures, including open source software.

The initiative, coordinated by the Eclipse AISBL Foundation based in Brussels and supported by its specification process and a new working group, seeks to establish common specifications that reflect best practices in secure software development. This collaborative effort invites other open source foundations, startups, industry players, and researchers to actively participate.

It is mentioned that Initially, work will be done to take advantage of the policies and procedures existing security policies from the respective open source foundations, along with similar documents detailing best practices.

Governance of the working group will be based on the model established by the Eclipse Foundation, with equal representation from the open source community to ensure diversity and transparency in decision-making. The results are expected to include process specifications available under liberal, royalty-free copyright licenses.

In addition to that, One of the main objectives of this collaboration is to develop process specifications that are available under liberal, royalty-free licenses.. This will ensure that open source communities can adopt and use these specifications without restrictions, promoting security and compliance at all levels of software development.

The participation of other open source foundations, SMEs, industry players and researchers is essential for the success of this initiative. It is expected that the diversity of experiences and knowledge will contribute a comprehensive perspective to the development of these common specifications.

The challenges facing this collaboration are significant. The limited time to implement new standards, the diversity of approaches in open source communities, and the need to align security requirements with existing development practices are just some of the key considerations.

Although open source communities and foundations generally follow best security practices of the industry, legislation has created an urgent need for process standards of cybersecurity, especially with the CRA of the European Union.

The CRA will generate multiple requests for standards to European standards bodies, and these requirements are not limited to Europe, as similar requests are expected from the United States and other regions, which is why open source foundations are taking on the challenge of establishing common specifications for secure software development.

This challenge It is complicated by several factors:

  • More than 80% of the global software infrastructure is open source, meaning the software supply chain is highly dependent on it.
  • Traditional standards bodies have little interaction with open source communities and lack governance models to integrate their standards.
  • Open source communities have limited resources and little experience with standards bodies.

This collaboration demonstrates the open source foundations' commitment to proactively and effectively addressing cybersecurity challenges and the resulting specifications are expected to not only meet CRA requirements, but also establish a standard of excellence in security of open source software worldwide.

if you are iInterested in learning more about it, you can check the details In the following link.

Leave a Comment

Your email address will not be published. Required fields are marked with *



  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.