Linux Foundation Europe and OpenSSF announced a global joint initiative to help prepare maintainers, manufacturers, and open source stewards for the implementation of the EU Cyber Resilience Act (CRA) and future cybersecurity legislation targeting jurisdictions around the world.
This effort aims to help develop and formalize much-needed cybersecurity standards and compliance frameworks to help 100+ million open source communities understand and meet the regulatory requirements outlined in the CRA, with the goal of expanding efforts to address legislation around the world.
The initiative builds on the discussions and outcomes of the recent Open Source Software Stewards and Manufacturers Workshop, where key stakeholders came together to address the critical work needed to align manufacturers, open source projects, and open source software stewards with the requirements outlined in the CRA.
“As software becomes increasingly regulated across the globe, and as the steward for some of the most critical open source projects in the world, we feel the responsibility to reduce friction for our maintainers and software manufacturers leveraging upstream open source to comply with these regulations,” said Mirko Boehm, Senior Director for Community Development at Linux Foundation Europe. “While the CRA represents the most immediate priority, our global nature means we can support projects across jurisdictions and prevent the burden of a fragmented regulatory landscape through established community-driven standards and tools like those in OpenSSF.”
While the initiative is driven by the immediate need to address the EU Cyber Resilience Act, its implications extend far beyond Europe. With cybersecurity now a global concern, the diverse participation from companies across regions, including the United States, APAC, and others, highlights the universal relevance of this effort. The goal is to equip open source communities and manufacturers worldwide with the tools they need to meet not only European requirements but also the evolving security standards in markets around the globe.
“Cybersecurity is a matter of global concern. I am excited to see efforts like the EU’s CRA come online as it touches on topics we’ve been working to embed within organizations’ cybersecurity practices for decades,” said Christopher “CRob” Robinson, Chief Security Architect of the OpenSSF. “I firmly believe that the responsibility for these practices rightly falls upon commercial entities to perform and provide, not the upstream open source maintainers. Mature manufacturers should already be doing the majority of the legislated requirements, while those that are not doing them will still have a short runway until the CRA finally goes into effect in 2027.”
The EU Cyber Resilience Act sets new regulatory requirements for software security, placing a significant emphasis on the safety and security of digital products sold within the European market. As key players in the global open source community, Linux Foundation Europe and OpenSSF are taking proactive steps to provide compliance guidance and tooling for maintainers and manufacturers, ensuring they are fully prepared for the act’s enforcement.
The initiative will focus on several core deliverables over the coming months to help EU policy makers, including:
- Discussing and formalizing cybersecurity specifications: Developing community-driven standards to ensure open source projects can meet the security requirements outlined in the CRA.
- Providing compliance guidance: Offering tools, processes, and best practices to help maintainers, manufacturers, and developers align with the new regulations.
- Implementing compliance processes and tooling: Creating resources to support the open source community in automating and managing compliance with the CRA across upstream projects.
The Linux Foundation Europe and OpenSSF invite the broader open source community to participate in this initiative.
Industry News
Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.
GitHub announced a wave of new features and enhancements to GitHub Copilot to streamline coding tasks based on an organization’s specific ways of working.
Mirantis launched k0rdent, an open-source Distributed Container Management Environment (DCME) that provides a single control point for cloud native applications – on-premises, on public clouds, at the edge – on any infrastructure, anywhere.
Hitachi Vantara announced a new co-engineered solution with Cisco designed for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes.
Onapsis announced Onapsis Control Central for SAP application security testing and custom code security supporting RISE with SAP transformations.
Progress announced its recognition in the 2025 Gartner Magic Quadrant for Digital Experience Platforms.
Copado announced comprehensive DevOps support for Salesforce Data Cloud deployments, enabling organizations to streamline the development and deployment of Agentforce solutions.
Appfire announced its acquisition of Flow, an enterprise software product for Software Engineering Intelligence (SEI), from Pluralsight.
Check Point® Software Technologies Ltd. announced new Infinity Platform capabilities to accelerate zero trust, strengthen threat prevention, reduce complexity, and simplify security operations.
WaveMaker announced the release of WaveMaker AutoCode, an AI-powered plugin for the Figma universe that produces pixel-perfect front-end components with lightning fast accuracy.
DoiT announced the acquisition of PerfectScale, an automated Kubernetes (K8s) optimization and governance platform.
Parasoft earned a top spot as a Leader and Fast Mover in the latest GigaOm Radar Report on API Functional Automated Testing.