The Cyber Resilience SIG reached a critical milestone by defining a scope of work for 2025. The Cyber Resilience Practices Spec project has also launched, with the project proposal and feedback open for review and contribution. The Open Regulatory Compliance WG attended several recent industry events, including Embedded World 2025.
Timo Perala and Dirk-Willem van Gulik
ORC co-chairs
What’s New
- The Cyber Resilience Practices Specification project has been launched. This project aims to provide specifications to support the implementation of the CRA horizontal standards. You can review the proposal here.
- The Cyber Resilience SIG deliverables plan was approved, including scope and areas of prioritisation. Check it out and learn more about our activities and how to contribute: https://github.com/orcwg/orcwg/tree/main/cyber-resilience-sig
- At the 9th Cybersecurity Standardisation Conference on Thursday, March 20, ORC WG Senior Technical Lead Tobie Langel spoke on a panel called “Overarching Cybersecurity by Standards.”
- Program Manager Juan Rico represented the ORC WG at Embedded World 2025. The Cyber Resilience Act was a hot topic in the embedded community, with many organisations discussing their approach to compliance and voicing their concerns about the unanswered questions.
Top Conversations
- The Cyber Resilience Act requires the European Commission to specify the technical description of important and critical products with digital elements. Feedback is due by April 15, 2025. Join the discussion on ORC’s CRA Hub.
- Can a project be without a steward?
- Does a definition of a product category matter to a manufacturer or open source maintainer? The ORC WG is collecting feedback from the open source world and you can contribute via pull requests.
Upcoming Events
CVE/FIRST VulnCon 2025 & Annual CNA Summit | April 7-10 - Collaborate with various vulnerability management and cybersecurity professionals to develop forward-leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.
- Marta Rybczynska and Mikael Barbero of the Eclipse Foundation will host a talk called “Towards a Vulnerability Reporting Specification.” The talk can also be attended virtually by those not able to attend in person. Register now.
Workshop: Cyber Resilience Act and the horizontal standard | April 8 - The workshop will provide a comprehensive understanding of how standards can effectively mitigate risks, enhance cybersecurity posture, and ensure that products and services are aligned with the legal expectations set forth by the Act.
- Tobie Langel will present at the workshop, which is available to attend online as well as in person. Register now.
EU Cyber Acts | March 26-27 - As the largest independent event for the cyber certification of ICT products and networks, the EU Cyber Acts Conference will help international developers come up to speed on the leadership of the European Union in setting the benchmark standards for cyber security and resilience.
- Mikael Barbero will participate in the panel "How to Deal with Open-Source Software Used in a Product Under CRA?". Register now.
Recent Talks
- Recap from Victor Roland: A two-day panel on the Cyber Resilience Act (CRA)
- CRA ORC WG Workshop - 30 January
Welcome ORC Members
The following members have joined in March 2025:
- Clever Cloud SAS
- Debian France
- Drupal Association
- Ferrous Systems GmbH