Cyber Resilience Act (CRA)

1

Hi, I’ve dived a bit into the Cyber Resilience Act (CRA) and would like to share some useful resources, for those interested in this topic.

  • Webinar ’ The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know’, 27 May 2025
    • Can really recommend this one, they clearly describe what the CRA is and what effect it has on FOSS projects/maintainers
  • CRA FAQ, with many often asked questions answered
    • Recommended (and made) by the experts of the webinar
  • Linux Foundation course on CRA

General advice from the webinar experts: Read up to date resources. Many blog posts written 2 years ago are outdated and many issues raised back then are solved (so no need to panic :slight_smile: ).

2

Kate Stewart gave a talk this week at the Zephyr Developer Summit, about Zephyr’s CRA readiness. I can recommend looking at the slides and/or watch the presentation! (Slides are available, presentation will come soon)

She gave a nice overview of what the Zephyr project needs to do, including timelines when issues have been found, and how they try to assist the users that need to fully comply with the CRA.