| [open-regulatory-compliance] ORC Community events this week |
The CRA‑Attestations aims to explore how open source voluntary security attestations could help manufacturers in supporting their compliance journey under the Cyber Resilience Act (CRA). These attestations would provide a structured way for stewards and maintainers to signal that a software component meets essential security requirements, helping manufacturers, regulators, and end-users navigate CRA obligations.
Given the technical and procedural complexity involved—defining attestation schemas, issuance and revocation processes, tooling, and compatibility with CRA enforcement
The Cyber Resilience Act (CRA) is set to significantly impact the automotive industry, introducing new obligations around cybersecurity, compliance, and software supply chain transparency. For automotive manufacturers and their technology partners, understanding what’s ahead is critical.
Join the Open Regulatory Compliance and Eclipse SDV working groups for an in-depth session exploring how the CRA affects the automotive sector.
We’ll begin with a practical industry perspective from Nicolas Leroux, CEO of Lunatech, who will outline how the CRA is shaping thinking and strategy within automotive manufacturing. From there, Juan Rico, ORC Program Manager, will provide deeper insight into the CRA framework and explain how the ORC working group is helping organisations prepare, including due diligence processes and the role of voluntary security attestations.
This session will help automotive stakeholders, suppliers, and open source contributors better understand their responsibilities under the CRA and how collaborative, open source–driven approaches can support compliance readiness.
Register for the session here.
Eclipse Foundation: The Community for Open Collaboration and Innovation
Handelsregister: Darmstadt HRB 92821
Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge
BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Google Apps Script//Weekly Event Report//EN CALSCALE:GREGORIAN METHOD:PUBLISH BEGIN:VEVENT UID:1o50vv4ucbutelttu2oa0jqvh6@xxxxxxxxxx DTSTAMP:20260503T114315Z DTSTART:20260506T110000Z DTEND:20260506T120000Z SUMMARY:Unpacking the CRA for the Automotive industry DESCRIPTION:<p dir="ltr">The Cyber Resilience Act (CRA) is set to significantly impact the automotive industry\, introducing new obligations around cybersecurity\, compliance\, and software supply chain transparency. For automotive manufacturers and their technology partners\, understanding what’s ahead is critical.</p><p dir="ltr">Join the Open Regulatory Compliance and Eclipse SDV working groups for an in-depth session exploring how the CRA affects the automotive sector.</p><p dir="ltr">We’ll begin with a practical industry perspective from <b>Nicolas Leroux\, CEO of Lunatech</b>\, who will outline how the CRA is shaping thinking and strategy within automotive manufacturing. From there\, <b>Juan Rico\, ORC Program Manager</b>\, will provide deeper insight into the CRA framework and explain how the ORC working group is helping organisations prepare\, including due diligence processes and the role of voluntary security attestations.</p><p dir="ltr">This session will help automotive stakeholders\, suppliers\, and open source contributors better understand their responsibilities under the CRA and how collaborative\, open source–driven approaches can support compliance readiness.</p> STATUS:CONFIRMED SEQUENCE:0 END:VEVENT END:VCALENDAR
BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Google Apps Script//Weekly Event Report//EN CALSCALE:GREGORIAN METHOD:PUBLISH BEGIN:VEVENT UID:1ql962e8oilm14fna0sdf15713_R20260409T130000@xxxxxxxxxx DTSTAMP:20260503T114315Z DTSTART:20260507T130000Z DTEND:20260507T140000Z SUMMARY:Due Diligence & Vulnerability Handling Task Force DESCRIPTION:The Vulnerability Handling Task Force provides input to the SIG in aspects related to stewards and due diligence. It may also produce white papers.<br><br>Agenda &\; Minutes:Â <a href="https://github.com/orcwg/orcwg/tree/main/cyber-resilience-sig/task-forces/vulnerability-handling-tf/minutes";>https://github.com/orcwg/orcwg/tree/main/cyber-resilience-sig/task-forces/vulnerability-handling-tf/minutes</a><br><br>Meeting info:Â <a href="https://github.com/orcwg/orcwg/blob/main/MEETINGS.md#vulnerability-handling-task-force-call"; target="_blank"><u>https://github.com/orcwg/orcwg/blob/main/MEETINGS.md#vulnerability-handling-task-force-call</u></a><br><br>Jitsi meeting:Â <a href="https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98"; target="_blank"><u><u>https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98</u></u></a> LOCATION:https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98 STATUS:CONFIRMED SEQUENCE:0 END:VEVENT END:VCALENDAR
BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Google Apps Script//Weekly Event Report//EN CALSCALE:GREGORIAN METHOD:PUBLISH BEGIN:VEVENT UID:68ikga54icd7h48b7f89ngo47p@xxxxxxxxxx DTSTAMP:20260503T114315Z DTSTART:20260505T133000Z DTEND:20260505T143000Z SUMMARY:CRA Attestations DESCRIPTION:<p>The CRA‑Attestations aims to explore how open source voluntary security attestations could help manufacturers in supporting their compliance journey under the <b>Cyber Resilience Act (CRA)</b>. These attestations would provide a structured way for stewards and maintainers to signal that a software component meets essential security requirements\, helping manufacturers\, regulators\, and end-users navigate CRA obligations.</p><p>Given the technical and procedural complexity involved—defining attestation schemas\, issuance and revocation processes\, tooling\, and compatibility with CRA enforcement</p> STATUS:CONFIRMED SEQUENCE:0 END:VEVENT END:VCALENDAR